Authenticate a user and retrieve a JWT token.

Endpoint

POST /auth/signin

Request

Headers

NameRequiredDescription
Content-TypeYesapplication/json

Body

{
  "email": "user@example.com",
  "password": "userpassword"
}
FieldTypeRequiredDescription
emailstringYesUser’s email
passwordstringYesUser’s password

Response

Success Response

Code: 200 OK

Content example:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
FieldTypeDescription
tokenstringJWT token for authenticated sessions

Error Response

Code: 401 UNAUTHORIZED

Content example:

{
  "statusCode": 401,
  "message": "Unauthorized",
  "error": "Unauthorized"
}

Notes

  • The endpoint uses Passport’s local strategy for authentication.
  • Upon successful authentication, a JWT token is returned which should be used for subsequent authenticated requests.
  • The token contains encoded user information and has an expiration time.

Example Usage

JavaScript (Fetch API)

async function signIn(email, password) {
  try {
    const response = await fetch("http://your-api-url/auth/signin", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ email, password }),
    });

    if (!response.ok) {
      throw new Error(`HTTP error! status: ${response.status}`);
    }

    const data = await response.json();
    console.log("Authentication successful:", data.token);
    return data.token;
  } catch (error) {
    console.error("Authentication failed:", error);
  }
}

// Usage
signIn("user@example.com", "userpassword").then((token) => {
  if (token) {
    // Use the token for authenticated requests
  }
});

Security Considerations

  • Always use HTTPS to prevent interception of credentials.
  • Implement rate limiting to prevent brute-force attacks.
  • Consider adding additional security measures like 2FA for sensitive operations.
  • Store the JWT securely (e.g., in HttpOnly cookies) to prevent XSS attacks.
  • Implement CSRF protection if using cookies for token storage.
API IntroductionGet Verification Code