Endpoint

POST /api/auth/login
Authenticates a user with email and password, returning an access token and setting a refresh token cookie.

Request body

email (string, required): The user’s email address
password (string, required): The user’s password

Response

accessToken (string): JWT access token for authenticating API requests. Valid for a limited time.

Success response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
The response also sets an HTTP-only cookie named refresh_token with the following properties:
  • HttpOnly: true (not accessible via JavaScript)
  • SameSite: Strict
  • Path: /api/auth
  • Max-Age: 30 days
  • Secure: false (should be true in production)
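
One way to check the cookie attributes listed above from a Set-Cookie header, as an added example that is not part of the original documentation. The header strings are constructed samples, the names parse_set_cookie and audit_refresh_cookie are hypothetical, and the expected values assume the production target (Secure present) with Max-Age expressed in seconds.

```python
# Added example: audit the refresh_token Set-Cookie header against the
# documented attributes. Sample headers are constructed, not captured.

# Documented values, except Secure, which is set to the production target.
# Max-Age is carried in seconds, so 30 days is 2592000.
EXPECTED = {
    "httponly": True,
    "secure": True,
    "samesite": "strict",
    "path": "/api/auth",
    "max-age": str(30 * 24 * 3600),
}

# Constructed sample headers (assumed shape of the development and production responses).
DEV_HEADER = "refresh_token=abc123; Max-Age=2592000; Path=/api/auth; HttpOnly; SameSite=Strict"
PROD_HEADER = DEV_HEADER + "; Secure"


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, sep, val = part.partition("=")
        # Attribute names are case-insensitive; flag attributes carry no value.
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value, attrs


def audit_refresh_cookie(header, expected=EXPECTED):
    """Return a list of findings; an empty list means the cookie matches."""
    name, _, attrs = parse_set_cookie(header)
    if name != "refresh_token":
        return [f"unexpected cookie name: {name!r}"]
    findings = []
    for key, want in expected.items():
        got = attrs.get(key, False)
        if key == "samesite" and isinstance(got, str):
            got = got.lower()  # SameSite values are case-insensitive
        if got != want:
            findings.append(f"{key}: expected {want!r}, got {got!r}")
    return findings
```

Run against the development header, the audit reports only the missing Secure attribute; the production header returns no findings.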

Error responses

401 Unauthorized - Invalid credentials
{
  "error": "Bad credentials"
}
404 Not Found - User not found
{
  "error": "User not found"
}

Example request

curl -X POST https://api.brautcloud.com/api/auth/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{
    "email": "[email protected]",
    "password": "securePassword123"
  }'
The -c cookies.txt flag saves the refresh token cookie for later use.

Status codes

Code  Description
200   Login successful
401   Invalid credentials
404   User not found