Finper uses JSON Web Tokens (JWT) for authentication. Obtain a token by logging in or registering, then pass it as the token header on every subsequent request. The token is signed with the JWT_SECRET environment variable and expires after 1 hour. The server automatically issues a refreshed token on every authenticated response via the Token response header.
POST /api/auth/login
Authenticate an existing user and receive a JWT.
POST /api/auth/login — no token header required.
Request Body
The account username. Case-insensitive — normalized to lowercase internally.
The account password.
Response — 200 OK
Signed JWT valid for 1 hour. Pass this value in the token header on all subsequent requests.
The authenticated username string.
Example
POST /api/auth/register
Create a new user account and receive a JWT.
POST /api/auth/register — no token header required.
Registration is gated by the ALLOW_REGISTRATION environment variable. If this variable is not set to true, the endpoint returns 403 Forbidden. This prevents unauthorized sign-ups on self-hosted instances.
Request Body
Desired username. Must be between 3 and 15 characters. Normalized to lowercase.
Desired password. Must be at least 5 characters.
Response — 200 OK
Signed JWT for the newly created user, valid for 1 hour.
Example
GET /api/auth/me
Verify the current token and receive a refreshed token in the response header.
GET /api/auth/me — requires token header.
This endpoint exists primarily to allow the client to confirm it holds a valid token on app startup. It responds with 204 No Content — all meaningful data is in the Token response header.
Response — 204 No Content
No response body. The refreshed JWT is written into the Token response header by the auth middleware.
Example
Using the Token
Include the JWT in the token header on every authenticated request:
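
An added example (not Finper's own code) of a client that sends the token header and adopts the refreshed JWT from the Token response header after each successful response. The helper names, the 30-second skew, and the assumption that the 1-hour expiry is carried in the standard exp claim are assumptions, not part of the documented API.

```javascript
// Added example: client-side handling of the sliding JWT session.
// Helper names and the 30-second skew are assumptions, not Finper code.

// Read the `exp` claim (seconds since epoch) from a JWT without verifying it.
// The client cannot check the signature (JWT_SECRET stays on the server);
// this only avoids sending a token that has already expired.
function jwtExpiry(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const claims = JSON.parse(atob(b64));
    return Number.isFinite(claims.exp) ? claims.exp : null;
  } catch {
    return null; // payload is not base64url-encoded JSON
  }
}

// True when the token is missing, malformed, or within `skew` seconds of expiry.
function isExpired(token, nowSec, skew = 30) {
  const exp = jwtExpiry(token);
  return exp === null || nowSec >= exp - skew;
}

// Choose the token to keep after a response: adopt the refreshed one from the
// `Token` response header on a 2xx status, otherwise keep the current token.
function nextToken(current, status, headers) {
  if (status < 200 || status >= 300) return current;
  const refreshed = headers.get('Token');
  return refreshed && jwtExpiry(refreshed) !== null ? refreshed : current;
}

// fetch wrapper: sends the `token` request header and rotates the stored token.
// `store` is any object with a `token` property (kept in memory here).
function createClient(baseUrl, store, fetchImpl = fetch) {
  return async function request(path, init = {}) {
    const now = Math.floor(Date.now() / 1000);
    if (isExpired(store.token, now)) throw new Error('session expired: log in again');
    const headers = { ...(init.headers || {}), token: store.token };
    const res = await fetchImpl(baseUrl + path, { ...init, headers });
    store.token = nextToken(store.token, res.status, res.headers);
    return res;
  };
}
```

On app startup, calling the returned function with /api/auth/me exercises the whole path: a 204 response carries no body, and the stored token is replaced from the Token header.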