Skip to main content

Authentication

Manage customer authentication, registration, profile, and account operations.

Register Customer

POST /api/ecom/auth/register

Register a new customer account
Register a new customer with email, password, and RUC/CED identification. Optionally include customer details.

Request Body

email
string
required
Customer email address (max 60 characters)
password
string
required
Password (minimum 8 characters, max 60)
cli_ruc_ced
string
required
Customer RUC or CED number (10-13 characters)
cliente
object
Optional customer details

Response

success
string
Success message: “Usuario registrado exitosamente”

Example Request

curl -X POST https://api.example.com/api/ecom/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securePassword123",
    "cli_ruc_ced": "1234567890",
    "cliente": {
      "cli_nombre": "Juan Pérez",
      "cli_telefono": "0987654321",
      "cli_celular": "987654321",
      "cli_direccion": "Av. Principal 123",
      "ct_codigo": "UIO"
    }
  }'

Example Response

"Usuario registrado exitosamente"
The password is hashed using bcrypt before storage. Passwords must be at least 8 characters long.

Login

POST /api/ecom/auth/login

Authenticate customer and receive JWT token
Authenticate with email and password to receive a JWT token for protected endpoints.

Request Body

email
string
required
Customer email address (can also use user field)
password
string
required
Customer password
The API accepts both email and user fields for backward compatibility. Either field can be used for the email address.

Response

token
string
JWT authentication token

Example Request

curl -X POST https://api.example.com/api/ecom/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securePassword123"
  }'

Example Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImNsaWVudGVAZXhhbXBsZS5jb20iLCJjbGlfY29kaWdvIjoiQ0xJMDAxIiwiaWF0IjoxNjc5MzE2MDAwLCJleHAiOjE2NzkzMTk2MDB9.signature"
}

Error Responses

error
string
Error message for invalid credentials
401 Unauthorized
{
  "error": "Credenciales inválidas"
}
400 Bad Request
{
  "message": "Datos de login inválidos",
  "details": "Validation error details"
}

Check Client Availability

GET /api/ecom/auth/client/:cli_ruc_ced

Check if a client RUC/CED is available for registration
Check if a customer with the given RUC/CED exists and whether they can register.

Path Parameters

cli_ruc_ced
string
required
Customer RUC or CED number (10-13 characters)

Response Scenarios

message
string
Status message indicating availability

Example Request

curl -X GET https://api.example.com/api/ecom/auth/client/1234567890

Example Responses

200 OK - Available
{
  "message": "Registro de cliente disponible con ese número de RUC"
}
409 Conflict - Already Registered
{
  "message": "Cliente ya registrado"
}
404 Not Found - Must Register
{
  "message": "Cliente no existe, debe registrarse"
}

Get Profile (Protected)

GET /api/ecom/auth/me

Get authenticated customer profile
Retrieve the profile information for the authenticated customer.
This endpoint requires authentication. Include the JWT token in the Authorization header.

Headers

Authorization
string
required
Bearer token from login responseFormat: Bearer {token}

Response

profile
object
Customer profile data from database

Example Request

curl -X GET https://api.example.com/api/ecom/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Example Response

{
  "usr_email": "[email protected]",
  "cli_codigo": "CLI001",
  "cli_nombre": "Juan Pérez",
  "cli_ruc_ced": "1234567890",
  "cli_telefono": "0987654321",
  "cli_celular": "987654321",
  "cli_direccion": "Av. Principal 123",
  "ct_codigo": "UIO"
}

Update Password (Protected)

PUT /api/ecom/auth/password

Update customer password
Update the password for the authenticated customer.
This endpoint requires authentication. Include the JWT token in the Authorization header.

Headers

Authorization
string
required
Bearer token from login response

Request Body

password
string
required
New password (minimum 8 characters)

Response

message
string
Success message

Example Request

curl -X PUT https://api.example.com/api/ecom/auth/password \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "password": "newSecurePassword456"
  }'

Example Response

{
  "message": "Contraseña actualizada"
}
The new password is hashed before updating in the database. After updating, the customer must login again with the new password.

Delete Account (Protected)

DELETE /api/ecom/auth/

Delete customer account
Permanently delete the authenticated customer’s account.
This endpoint requires authentication. This action cannot be undone.

Headers

Authorization
string
required
Bearer token from login response

Response

message
string
Success message

Example Request

curl -X DELETE https://api.example.com/api/ecom/auth/ \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Example Response

{
  "message": "Usuario eliminado"
}

Authentication Flow

The typical authentication flow for e-commerce customers:
  1. Check Client Availability: Use GET /api/ecom/auth/client/:cli_ruc_ced to check if RUC/CED is available
  2. Register: Create account with POST /api/ecom/auth/register
  3. Login: Authenticate with POST /api/ecom/auth/login to receive JWT token
  4. Use Token: Include token in Authorization: Bearer {token} header for protected endpoints
  5. Access Protected Resources: Use cart, payment, and profile endpoints with the token
JWT tokens expire based on the JWT_EXPIRES_IN environment variable. When a token expires, the customer must login again to receive a new token.

Error Handling

All authentication endpoints follow standard HTTP status codes:
  • 200 OK: Request successful
  • 201 Created: Resource created successfully
  • 400 Bad Request: Invalid input data
  • 401 Unauthorized: Invalid credentials or missing/invalid token
  • 404 Not Found: Resource not found
  • 409 Conflict: Resource already exists
  • 500 Internal Server Error: Server error

Source Code Reference

Implementation details can be found in:
  • Routes: /src/routes/ecom.auth.routes.js
  • Controller: /src/controllers/ecom.auth.controller.js
  • DTOs: /src/dtos/auth.dto.js
  • Model: /src/models/auth.model.js

Build docs developers (and LLMs) love

Get started for freeTalk to us