GET /api/auth/verify

Returns the userId and tenantId that the auth middleware decoded from the JWT on the current request. This endpoint is registered under /api/auth, which is a public route prefix — it does not independently verify the token. In practice it is most useful when called after passing through the global auth middleware (i.e., as an internal utility rather than a standalone verification endpoint).
The /api/auth prefix is registered before the global authMiddleware in index.ts, so this endpoint does not independently validate the token. It returns the userId and tenantId values already attached to the request by middleware from a prior step.
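
The registration-order effect described above, modelled as an added example (not the project's code): a minimal Express-style middleware stack in which an echo handler under a prefix registered before the global middleware answers without any token check, next to the same handler with authMiddleware run on the route itself. The framework style, `createApp`, `callVerify`, the token table standing in for JWT verification, and the `{ error }` body shape are all assumptions.

```javascript
// Added illustration: a tiny ordered-middleware model (hypothetical, not the project's code).
// VALID_TOKENS is a constructed stand-in for real JWT signature and expiry verification.
const VALID_TOKENS = new Map([["good-token", { userId: "user-1", tenantId: "tenant-1" }]]);

function createApp() {
  const stack = [];
  return {
    use(prefix, fn) { stack.push({ prefix, fn }); },
    // Run handlers in registration order; a handler that never calls next() ends the chain.
    handle(req) {
      const res = { status: 200, body: null };
      let i = 0;
      const next = () => {
        while (i < stack.length) {
          const { prefix, fn } = stack[i++];
          if (req.path.startsWith(prefix)) return fn(req, res, next);
        }
      };
      next();
      return res;
    },
  };
}

// Assumed error body shape; the messages are the ones listed in the Errors table.
const deny = (res, message) => { res.status = 401; res.body = { error: message }; };

function authMiddleware(req, res, next) {
  const header = req.headers.authorization || "";
  if (!header.startsWith("Bearer ")) return deny(res, "Missing or invalid authorization header");
  const identity = VALID_TOKENS.get(header.slice("Bearer ".length));
  if (!identity) return deny(res, "Invalid token");
  Object.assign(req, identity); // attach userId and tenantId for later handlers
  next();
}

// Handler that only echoes what earlier middleware attached to the request.
function verifyHandler(req, res) {
  res.body = { userId: req.userId, tenantId: req.tenantId };
}

// guarded=false: public prefix registered before the global middleware (the order described above).
// guarded=true: authMiddleware is registered on the route itself, ahead of the handler.
function callVerify(guarded, token) {
  const app = createApp();
  if (guarded) app.use("/api/auth/verify", authMiddleware);
  app.use("/api/auth", verifyHandler);
  app.use("/", authMiddleware);
  const headers = token ? { authorization: "Bearer " + token } : {};
  return app.handle({ path: "/api/auth/verify", headers });
}
```

In this model the unguarded order returns 200 with empty identity fields for any or no token, so a caller must not treat a 200 from such a route as proof that a token is valid.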

Request headers

Authorization
string
Bearer token in the format Bearer <token>. Required for the middleware to attach user identity to the request.

Response

userId
string
UUID of the authenticated user decoded from the token.
tenantId
string
UUID of the authenticated user’s tenant decoded from the token.

Errors

| Status | Error message | Description |
| --- | --- | --- |
| 401 | Missing or invalid authorization header | The Authorization header is absent or does not start with Bearer . |
| 401 | Invalid token | The token is malformed, expired, or signed with an incorrect secret. |

Example

curl
curl --request GET \
  --url http://localhost:5000/api/auth/verify \
  --header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'

Success response

{
  "userId": "a3f1e2d4-bc56-4789-9012-3def45678901",
  "tenantId": "b7c2d3e4-f567-4890-ab12-cdef01234567"
}
