POST /api/login

Authenticates a user with their email and password credentials. Upon successful authentication, returns a JWT token that expires in 24 hours and the user’s profile information.

Request Body

email (string, required): The user’s registered email address
password (string, required): The user’s password

Example Request

curl -X POST http://localhost:3001/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john.doe@example.com",
    "password": "securePassword123"
  }'

Response

message (string): Confirmation message indicating successful login
token (string): JWT authentication token valid for 24 hours. Use this token in the Authorization header for subsequent API requests.
user (object): The authenticated user’s profile information

Success Response (200 OK)

{
  "message": "Login exitoso",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiZW1haWwiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsImlhdCI6MTYzMjE1MjAwMCwiZXhwIjoxNjMyMjM4NDAwfQ.xyz123",
  "user": {
    "id": 1,
    "name": "John Doe",
    "email": "john.doe@example.com"
  }
}

Error Responses

Implementation Details

  • JWT tokens are signed using the HS256 algorithm
  • Tokens expire after 24 hours (1 day)
  • The token payload includes the user’s ID and email
  • Password comparison uses bcrypt for secure verification
  • For security, the same error message is returned whether the email doesn’t exist or the password is incorrect
  • The user’s password is never returned in the response

Using the Authentication Token

Include the returned token in the Authorization header for subsequent API requests:

curl -X GET http://localhost:3001/api/protected-endpoint \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"