Login

Authenticates a user with email and password, returning authentication cookies (accessToken and refreshToken) along with the user details.

Request

string

required

User’s email address. Must be a valid email format.

password

string

required

User’s password. Must have minimum 1 character.

Response

status

string

Response status. Returns “success” on successful login.

data

object

Contains the user data object.

users

object

The authenticated user details.

number

Unique identifier for the user.

fullname

string

User’s full name.

string

User’s email address.

Response Headers

The response includes two Set-Cookie headers:

Set-Cookie: accessToken - HTTP-only cookie for API authentication. Valid across all paths. Includes Secure and SameSite=None flags.
Set-Cookie: refreshToken - HTTP-only cookie for token renewal. Only valid for /api/refresh path. Includes Secure and SameSite=None flags.

Example Request

curl -X POST https://juadah-backend.vercel.app/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword123"
  }'

Example Response

Success (200 OK)

{
  "status": "success",
  "data": {
    "users": {
      "id": 1,
      "fullname": "John Doe",
      "email": "user@example.com"
    }
  }
}

Response headers include:

Set-Cookie: accessToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...; Path=/; HttpOnly; Secure; SameSite=None
Set-Cookie: refreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...; Path=/api/refresh; HttpOnly; Secure; SameSite=None

Validation Error (400 Bad Request)

{
  "status": "fail",
  "errors": {
    "code": 400,
    "message": "validation error",
    "details": {
      "email": "your email format is invalid",
      "password": "password is required"
    }
  }
}

Common validation errors:

email is required - Email field is missing
your email format is invalid - Invalid email format
password is required - Password field is missing

Invalid Credentials (400 Bad Request)

{
  "status": "fail",
  "errors": {
    "code": 400,
    "message": "email or password is incorrect"
  }
}

This error is returned when the email doesn’t exist or the password is incorrect.

Authentication

Users

Products

Payments

Request

Response

Response Headers

Example Request

Example Response

Success (200 OK)

Validation Error (400 Bad Request)

Invalid Credentials (400 Bad Request)

Build docs developers (and LLMs) love

Authentication

Users

Products

Payments

Documentation Index

​Request

​Response

​Response Headers

​Example Request

​Example Response

​Success (200 OK)

​Validation Error (400 Bad Request)

​Invalid Credentials (400 Bad Request)

Build docs developers (and LLMs) love

Request

Response

Response Headers

Example Request

Example Response

Success (200 OK)

Validation Error (400 Bad Request)

Invalid Credentials (400 Bad Request)