POST /api/auth/login

Verifies the provided credentials and returns a signed JWT containing the userId and tenantId. Use the returned token to authenticate all subsequent requests to protected endpoints.
Store the token in localStorage (or a secure cookie) after login, then attach it to every protected request as Authorization: Bearer <token>.

Request body

email (string, required): User email address.
password (string, required): User password.

Response

token (string): JWT bearer token. Valid for all protected API routes.
user (object)

Errors

| Status | Error message | Description |
| --- | --- | --- |
| 401 | Invalid credentials | The email does not exist or the password is incorrect. |
| 500 | Login failed | An unexpected server error occurred. |

Examples

curl --request POST \
  --url http://localhost:5000/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "[email protected]",
    "password": "s3cur3p@ss"
  }'

Success response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "a3f1e2d4-bc56-4789-9012-3def45678901",
    "email": "[email protected]",
    "name": "Jane Doe",
    "tenantId": "b7c2d3e4-f567-4890-ab12-cdef01234567",
    "role": "admin"
  }
}
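
How a protected endpoint could check the bearer token returned by this login call, as an added example that is not this API's own code. It assumes the HS256 header visible in the sample token, claims named userId and tenantId as described above, an exp claim, and a shared signing secret; signSample and verifyBearer are hypothetical names.

```javascript
const crypto = require("node:crypto");

// JWT segments are unpadded base64url.
const b64url = (data) => Buffer.from(data).toString("base64url");
const hmac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// Constructed helper: mints a sample token so the example runs offline.
function signSample(claims, secret, header = { alg: "HS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(hmac(input, secret))}`;
}

// Returns { userId, tenantId } or throws. `now` is seconds since the epoch.
function verifyBearer(authorization, secret, now = Math.floor(Date.now() / 1000)) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authorization || "");
  if (!m) throw new Error("malformed Authorization header");
  const [, h, p, sig] = m;

  // Pin the algorithm: the token's own header must never choose it.
  const header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
  if (header.alg !== "HS256") throw new Error("unexpected alg");

  // Verify the signature before trusting any claim; compare in constant time.
  const expected = hmac(`${h}.${p}`, secret);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }

  const claims = JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  if (typeof claims.userId !== "string" || typeof claims.tenantId !== "string") {
    throw new Error("missing userId/tenantId");
  }
  // Scope every query to this tenantId rather than to one sent by the client.
  return { userId: claims.userId, tenantId: claims.tenantId };
}
```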
