Authentication API

User authentication, registration, and account management endpoints

User Registration & Authentication

Core authentication endpoints for user management

POST /api/v1/auth/register

Register a new user account

🌐 Public Endpoint
Body: { "firstName": "John", "lastName": "Doe", "email": "john@example.com", "password": "securePassword123" }

POST /api/v1/auth/login

Login with email and password

🌐 Public Endpoint
Body: { "email": "john@example.com", "password": "securePassword123" }
Response: { "success": true, "message": "Login successful", "data": { "user": { "id": "...", "email": "...", "firstName": "..." }, "tokens": { "accessToken": "jwt-token...", "refreshToken": "refresh-token..." } } }

POST /api/v1/auth/logout

Logout and invalidate tokens

🔒 Authentication Required

POST /api/v1/auth/refresh

Refresh access token using refresh token

🌐 Public Endpoint
Body: { "refreshToken": "refresh-token..." }

Email Verification

Email verification and resend functionality

GET /api/v1/auth/verify-email/{token}

Verify email address using verification token

🌐 Public Endpoint

POST /api/v1/auth/resend-verification

Resend email verification link

🌐 Public Endpoint
Body: { "email": "john@example.com" }

Password Management

Password reset and change functionality

POST /api/v1/auth/forgot-password

Request password reset email

🌐 Public Endpoint
Body: { "email": "john@example.com" }

POST /api/v1/auth/reset-password

Reset password using reset token

🌐 Public Endpoint
Body: { "token": "reset-token...", "newPassword": "newSecurePassword123" }

PATCH /api/v1/auth/change-password

Change password for authenticated user

🔒 Authentication Required
Body: { "currentPassword": "currentPassword123", "newPassword": "newSecurePassword123" }

User Profile

User profile management and information

GET /api/v1/auth/me

Get current user profile information

🔒 Authentication Required
Response: { "success": true, "data": { "user": { "id": "user-id", "firstName": "John", "lastName": "Doe", "email": "john@example.com", "isEmailVerified": true, "createdAt": "2024-01-01T00:00:00.000Z" } } }

PATCH /api/v1/auth/profile

Update user profile information

🔒 Authentication Required
Body: { "firstName": "John", "lastName": "Doe" }

Usage Notes

Important information about authentication APIs

Authentication

Protected endpoints require the JWT access token in the Authorization header: Authorization: Bearer <token>

Token Management

  • Access Token - Short-lived token for API access (expires in 15 minutes)
  • Refresh Token - Long-lived token for getting new access tokens (expires in 7 days)
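The login, Bearer-header and refresh exchange described above, as an added example that is not the project's own code or a client it ships: a small Python client keeps the token pair, sends the access token as Authorization: Bearer <token>, and when a protected call answers 401 it calls POST /api/v1/auth/refresh exactly once before retrying, so an expired 15-minute access token is replaced without a new login and a dead session cannot cause a retry loop. The API is stood in for by an in-memory fake (FakeAuthServer) that returns the documented login response shape; everything else it does is assumed for the example rather than taken from the page: the refresh response carries data.tokens, refresh tokens rotate and are single-use, protected endpoints answer 401 to a missing or expired access token, and logout invalidates the caller's tokens. The names AuthClient, FakeAuthServer and the transport callable are likewise constructed here.

```python
"""Client-side token handling for the login / refresh / logout endpoints documented above."""
import itertools


class FakeAuthServer:
    """In-memory stand-in for the API (constructed for this example; not the real service).
    It speaks the documented request/response shapes and tracks which tokens are live."""

    def __init__(self):
        self._ids = itertools.count(1)
        self.valid_access = set()
        self.valid_refresh = set()

    def _issue(self):
        # Fresh pair; the real service mints a 15-minute JWT and a 7-day refresh token.
        n = next(self._ids)
        access, refresh = f"access-{n}", f"refresh-{n}"
        self.valid_access.add(access)
        self.valid_refresh.add(refresh)
        return {"accessToken": access, "refreshToken": refresh}

    def expire_access_tokens(self):
        """Simulate the access-token lifetime running out while the refresh token is still good."""
        self.valid_access.clear()

    def handle(self, method, path, headers, body):
        """Transport callable: (method, path, headers, body) -> (status, json_body)."""
        if (method, path) == ("POST", "/api/v1/auth/login"):
            if body.get("email") == "john@example.com" and body.get("password") == "securePassword123":
                return 200, {"success": True, "message": "Login successful",
                             "data": {"user": {"id": "1", "email": body["email"], "firstName": "John"},
                                      "tokens": self._issue()}}
            return 401, {"success": False, "message": "Invalid credentials"}
        if (method, path) == ("POST", "/api/v1/auth/refresh"):
            token = body.get("refreshToken")
            if token in self.valid_refresh:
                self.valid_refresh.discard(token)  # assumed: refresh tokens rotate and are single-use
                return 200, {"success": True, "data": {"tokens": self._issue()}}
            return 401, {"success": False, "message": "Invalid refresh token"}
        # Everything below is a protected endpoint: the presented access token must be live.
        auth = headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else None
        if token not in self.valid_access:
            return 401, {"success": False, "message": "Unauthorized"}
        if (method, path) == ("POST", "/api/v1/auth/logout"):
            self.valid_access.discard(token)
            self.valid_refresh.clear()  # simplification: this fake tracks one session at a time
            return 200, {"success": True, "message": "Logged out"}
        if (method, path) == ("GET", "/api/v1/auth/me"):
            return 200, {"success": True, "data": {"user": {"id": "1", "email": "john@example.com"}}}
        return 404, {"success": False, "message": "Not found"}


class AuthClient:
    """Holds the token pair and refreshes once, transparently, when the access token is rejected."""

    def __init__(self, transport):
        self._transport = transport  # callable(method, path, headers, body) -> (status, json_body)
        self.access_token = None
        self.refresh_token = None
        self.refresh_count = 0  # how many silent refreshes happened; handy for tests and metrics

    def _store(self, tokens):
        self.access_token = tokens["accessToken"]
        self.refresh_token = tokens["refreshToken"]

    def login(self, email, password):
        status, resp = self._transport("POST", "/api/v1/auth/login", {},
                                       {"email": email, "password": password})
        if status != 200:
            raise PermissionError(resp.get("message", "login failed"))
        self._store(resp["data"]["tokens"])
        return resp["data"]["user"]

    def _refresh(self):
        """Trade the refresh token for a new pair; on failure the session is dead, so forget both."""
        if self.refresh_token is None:
            return False
        status, resp = self._transport("POST", "/api/v1/auth/refresh", {},
                                       {"refreshToken": self.refresh_token})
        if status != 200:
            self.access_token = self.refresh_token = None
            return False
        self._store(resp["data"]["tokens"])
        self.refresh_count += 1
        return True

    def request(self, method, path, body=None):
        """Send with the Bearer header; on 401 refresh exactly once and retry, never loop."""
        for attempt in (1, 2):
            headers = {"Authorization": f"Bearer {self.access_token}"} if self.access_token else {}
            status, resp = self._transport(method, path, headers, body or {})
            if status != 401 or attempt == 2 or not self._refresh():
                return status, resp

    def logout(self):
        status, _ = self.request("POST", "/api/v1/auth/logout")
        self.access_token = self.refresh_token = None  # drop local copies whatever the server said
        return status


if __name__ == "__main__":
    server = FakeAuthServer()
    client = AuthClient(server.handle)
    client.login("john@example.com", "securePassword123")
    server.expire_access_tokens()  # 15 minutes pass
    print(client.request("GET", "/api/v1/auth/me"))  # succeeds via one silent refresh
```

The single-retry rule in request() is the part worth copying: a 401 after a successful refresh means the problem is not token expiry (revoked session, wrong audience, clock skew) and must surface to the caller rather than trigger another refresh.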

Email Verification

  • Users must verify their email before accessing protected features
  • Verification emails are sent automatically upon registration
  • Verification tokens expire after 24 hours

Password Requirements

  • Minimum 8 characters
  • Must contain at least one uppercase letter, one lowercase letter, and one number
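Server-side handling of the verification and reset tokens and of the password rules above, as an added example that is not the project's own code: tokens are random, stored only as a SHA-256 digest, single-use, and bound to a purpose and an expiry (24 hours for e-mail verification as stated above; the reset-token lifetime is not given on this page, so the one hour used here is an assumption), and reset-password applies the password requirements before a token is consumed. The names TokenStore, AccountService and validate_password, the in-memory user table, the injectable clock and the outbox that stands in for the mailer are all constructed for the example.

```python
"""Server-side handling of the e-mail verification and password-reset tokens documented above."""
import hashlib
import re
import secrets
import time

# Token lifetimes in seconds. 24 hours is the verification-token expiry stated in the docs;
# the reset-token lifetime is not given on the page, so 1 hour is an assumption for this example.
TOKEN_TTL = {"verify-email": 24 * 3600, "reset-password": 3600}


def validate_password(password):
    """Return the rules under 'Password Requirements' that the password breaks (empty list = OK)."""
    problems = []
    if len(password) < 8:
        problems.append("minimum 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("at least one uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("at least one lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("at least one number")
    return problems


class TokenStore:
    """Random, single-use, expiring tokens bound to a purpose and an e-mail address.
    Only the SHA-256 digest of a token is stored, so a leaked copy of this table
    cannot be turned back into a redeemable link."""

    def __init__(self, now=time.time):
        self._records = {}  # digest -> (purpose, email, expires_at)
        self._now = now     # injectable clock so expiry can be exercised without waiting

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, purpose, email):
        """Mint the opaque token that goes into the e-mail link; it is returned once and never stored."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, so the token cannot be guessed
        self._records[self._digest(token)] = (purpose, email, self._now() + TOKEN_TTL[purpose])
        return token

    def redeem(self, purpose, token):
        """Return the bound e-mail, or None if the token is unknown, already used, presented
        to the wrong endpoint, or expired. Any presentation consumes it (pop = single use)."""
        record = self._records.pop(self._digest(token), None)
        if record is None:
            return None
        rec_purpose, email, expires_at = record
        if rec_purpose != purpose or self._now() >= expires_at:
            return None
        return email


class AccountService:
    """Wires the store to the documented endpoints. The user table and the outbox that
    stands in for the mailer are constructed sample data."""

    def __init__(self, users, store):
        self.users = users   # email -> {"password": ..., "isEmailVerified": bool}
        self.store = store
        self.outbox = []     # (email, token) pairs a real service would send by e-mail

    def request_verification(self, email):
        """POST /resend-verification (also run at registration): issue a fresh 24-hour token."""
        if email in self.users:
            self.outbox.append((email, self.store.issue("verify-email", email)))

    def verify_email(self, token):
        """GET /verify-email/{token}."""
        email = self.store.redeem("verify-email", token)
        if email is None:
            return {"success": False, "message": "Invalid or expired token"}
        self.users[email]["isEmailVerified"] = True
        return {"success": True, "message": "Email verified"}

    def forgot_password(self, email):
        """POST /forgot-password: the answer is identical for unknown addresses so the endpoint
        does not reveal which e-mails are registered; no token is minted for them."""
        if email in self.users:
            self.outbox.append((email, self.store.issue("reset-password", email)))
        return {"success": True, "message": "If the address is registered, a reset e-mail was sent"}

    def reset_password(self, token, new_password):
        """POST /reset-password: check the password rules first so a weak choice does not burn
        the single-use token, then redeem it."""
        problems = validate_password(new_password)
        if problems:
            return {"success": False, "message": "Password does not meet requirements: " + "; ".join(problems)}
        email = self.store.redeem("reset-password", token)
        if email is None:
            return {"success": False, "message": "Invalid or expired token"}
        self.users[email]["password"] = new_password  # a real service stores a password hash, not the text
        return {"success": True, "message": "Password updated"}


if __name__ == "__main__":
    svc = AccountService({"john@example.com": {"password": "securePassword123", "isEmailVerified": False}},
                         TokenStore())
    svc.forgot_password("john@example.com")
    _, reset_token = svc.outbox[-1]
    print(svc.reset_password(reset_token, "newSecurePassword123"))
    print(svc.reset_password(reset_token, "newSecurePassword123"))  # second use is rejected
```

Binding each token to a purpose is what stops a verification link from being replayed against /reset-password, and popping the record before any other check means a token presented to the wrong endpoint is spent rather than left lying around.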

Rate Limiting

Authentication endpoints have rate limiting to prevent abuse. Limits vary by endpoint.