## POST /api/v1/auth/login

Authenticate a user and receive a JWT access token.

### Headers

| Header | Description |
|---|---|
| `X-Tenant` | Tenant identifier for multi-tenant authentication. If not provided, the server uses legacy mode. |
| `Content-Type` | Must be `application/x-www-form-urlencoded`. |

### Request Body (Form Data)

| Field | Description |
|---|---|
| `username` | Username or email address. The system accepts both and searches case-insensitively. |
| `password` | User password (minimum 6 characters). |
| `grant_type` | OAuth2 grant type. Default: `password`. |
| `scope` | OAuth2 scope (not currently used). |

### Response

| Field | Description |
|---|---|
| `access_token` | JWT access token valid for 480 minutes (8 hours). |
| `token_type` | Token type, always `"bearer"`. |
| `user` | User information object. |
| `user.role` | Primary role (`admin` takes precedence if present). |
| `user.roles` | List of all assigned role names. |
```bash
curl -X POST "https://api.vigia.com/api/v1/auth/login" \
  -H "X-Tenant: acme-pharma" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=juan.perez@example.com" \
  -d "password=SecurePass123"
```
```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjMiLCJ1aWQiOjEyMywidXNlcm5hbWUiOiJqdWFuLnBlcmV6IiwiZW1haWwiOiJqdWFuLnBlcmV6QGV4YW1wbGUuY29tIiwicm9sZSI6ImFkbWluIiwicm9sZXMiOlsiYWRtaW4iLCJxZiJdLCJ0ZW5hbnQiOiJhY21lLXBoYXJtYSIsInRyYWNlIjoiYWJjZDEyMzQiLCJleHAiOjE3MDk4NTYwMDB9.signature",
  "token_type": "bearer",
  "user": {
    "id": 123,
    "username": "juan.perez",
    "email": "juan.perez@example.com",
    "role": "admin",
    "roles": ["admin", "qf"]
  }
}
```
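The access token above is a standard three-part JWT (`header.payload.signature`). The following Python is an added example and not part of the original documentation: it decodes the token's header and claims without verifying it, applies the local checks a resource server would make after verification (the `tenant` claim matches the `X-Tenant` header, `exp` has not passed), and then shows an HS256 signature check. Because the documented token's third part is the literal placeholder `signature` and the real signing key is not on this page, the verification half uses a constructed secret (`CONSTRUCTED_SECRET`) to sign a copy of the same claims; the helper names are this example's own.

```python
import base64
import hashlib
import hmac
import json

# Token from the login response above. Its third part is the documentation's
# placeholder "signature", so it can be inspected but never verified.
LOGIN_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjMiLCJ1aWQiOjEyMywidXNlcm5hbWUiOiJqdWFuLnBlcmV6IiwiZW1haWwiOiJqdWFuLnBlcmV6QGV4YW1wbGUuY29tIiwicm9sZSI6ImFkbWluIiwicm9sZXMiOlsiYWRtaW4iLCJxZiJdLCJ0ZW5hbnQiOiJhY21lLXBoYXJtYSIsInRyYWNlIjoiYWJjZDEyMzQiLCJleHAiOjE3MDk4NTYwMDB9."
    "signature"
)
# Constructed secret for this demonstration only; the real HS256 key lives server-side.
CONSTRUCTED_SECRET = b"example-only-not-the-real-signing-key"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def compact_json(obj: dict) -> str:
    return json.dumps(obj, separators=(",", ":"))


def decode_unverified(token: str) -> tuple[dict, dict]:
    """Return (header, claims) WITHOUT checking the signature. Anyone can mint
    a token whose payload decodes to {"role": "admin"}; decoding proves nothing."""
    header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def check_claims(claims: dict, expected_tenant: str, now: int) -> list[str]:
    """Local checks a resource server applies after the signature is verified.
    `now` is a Unix timestamp; returns the problems found (empty = acceptable)."""
    problems = []
    if "sub" not in claims:
        problems.append("missing sub claim")
    if claims.get("tenant") != expected_tenant:
        problems.append("tenant claim does not match X-Tenant header")
    if "exp" not in claims or now >= claims["exp"]:
        problems.append("token expired or has no exp claim")
    return problems


def sign_hs256(header: dict, claims: dict, secret: bytes) -> str:
    """Produce an HS256 JWT (used here only to create a verifiable sample)."""
    signing_input = b64url_encode(compact_json(header).encode()) + "." + b64url_encode(compact_json(claims).encode())
    mac = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HMAC over header.payload and compare in constant time.
    Tokens whose header does not say HS256 (for example alg "none") are rejected,
    as are tokens that are not three well-formed base64url segments."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        provided = b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64, or bad JSON
        return False
    if header.get("alg") != "HS256":
        return False
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, provided)


def demo() -> dict:
    """Inspect the documented token, then contrast it with a token signed under
    CONSTRUCTED_SECRET and a copy of that token whose role claim was altered."""
    header, claims = decode_unverified(LOGIN_TOKEN)
    signed = sign_hs256(header, claims, CONSTRUCTED_SECRET)
    h, _p, s = signed.split(".")
    tampered = h + "." + b64url_encode(compact_json(dict(claims, role="superuser")).encode()) + "." + s
    return {
        "alg": header["alg"],
        "claims": claims,
        "problems_before_exp": check_claims(claims, "acme-pharma", now=1709850000),
        "problems_at_exp": check_claims(claims, "acme-pharma", now=1709856000),
        "doc_token_verifies": verify_hs256(LOGIN_TOKEN, CONSTRUCTED_SECRET),
        "signed_verifies": verify_hs256(signed, CONSTRUCTED_SECRET),
        "tampered_verifies": verify_hs256(tampered, CONSTRUCTED_SECRET),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two things the decoded claims make concrete: the token carries the user's email, roles and tenant in cleartext, so it must be handled as a secret (HTTPS only, never logged), and the `exp` value is what actually enforces the documented 480-minute lifetime, which is why `check_claims` treats a missing `exp` as a failure rather than as "no expiry".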
## GET /api/v1/auth/me

Retrieve detailed information about the currently authenticated user.

### Headers

| Header | Description |
|---|---|
| `Authorization` | Bearer token obtained from the login endpoint. Format: `Bearer <token>`. |
| `X-Tenant` | Tenant identifier (extracted from the token if not provided). |

### Response

| Field | Description |
|---|---|
| `role` | Primary role (`admin` prioritized). |
| `roles` | List of all assigned role names. |
| `permissions` | Custom permissions object (module-specific permissions). |
| `is_active` | Whether the user account is active. |
| `empleado_id` | Associated employee ID from the HR module. |
```bash
curl -X GET "https://api.vigia.com/api/v1/auth/me" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "X-Tenant: acme-pharma"
```
```json
{
  "id": 123,
  "email": "juan.perez@example.com",
  "username": "juan.perez",
  "full_name": "Juan Pérez García",
  "role": "admin",
  "roles": ["admin", "qf"],
  "permissions": {
    "icsr": {
      "view": true,
      "edit": true,
      "delete": true
    },
    "reports": {
      "view": true,
      "generate": true
    }
  },
  "is_active": true,
  "empleado_id": 456
}
```
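A client or downstream service that consumes the `permissions` object above should make its decisions deny-by-default: anything not explicitly granted is refused. The Python below is an added example (not code from the original documentation or the project) that applies that rule to a copy of the sample `/me` response: an inactive account or an account with no roles is denied everything, mirroring the 403 the API itself returns for such users; a module or action missing from `permissions` is denied; and only the boolean `true` counts as a grant, so a stray string `"true"` or integer `1` does not. The function names are this example's own.

```python
# Sample /me response, copied from the documentation above (constructed test data).
ME_RESPONSE = {
    "id": 123,
    "email": "juan.perez@example.com",
    "username": "juan.perez",
    "full_name": "Juan Pérez García",
    "role": "admin",
    "roles": ["admin", "qf"],
    "permissions": {
        "icsr": {"view": True, "edit": True, "delete": True},
        "reports": {"view": True, "generate": True},
    },
    "is_active": True,
    "empleado_id": 456,
}


def has_role(me: dict, role: str) -> bool:
    """True only if `role` appears in the `roles` list. The single `role`
    field is a display convenience (primary role) and is not consulted here."""
    return role in me.get("roles", [])


def is_allowed(me: dict, module: str, action: str) -> bool:
    """Deny-by-default check over the `permissions` object.

    Denies when the account is inactive or has no roles (the API answers 403
    for such users), when the module or action is absent, or when the stored
    value is anything other than the boolean True.
    """
    if me.get("is_active") is not True:
        return False
    if not me.get("roles"):
        return False
    module_perms = me.get("permissions", {}).get(module)
    if not isinstance(module_perms, dict):
        return False
    return module_perms.get(action) is True


if __name__ == "__main__":
    for module, action in [("icsr", "delete"), ("reports", "delete"), ("audit", "view")]:
        print(f"{module}.{action}: {'allow' if is_allowed(ME_RESPONSE, module, action) else 'deny'}")
```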
## GET /api/v1/auth/whoami

Get basic information about the current user (lightweight version of `/me`).

### Response

| Field | Description |
|---|---|
| `role` | Primary role (first role in list). |
| `roles` | List of assigned role names. |
```bash
curl -X GET "https://api.vigia.com/api/v1/auth/whoami" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```
```json
{
  "id": 123,
  "username": "juan.perez",
  "email": "juan.perez@example.com",
  "full_name": "Juan Pérez García",
  "role": "admin",
  "roles": ["admin", "qf"],
  "empleado_id": 456
}
```
## POST /api/v1/auth/change-password

Change the password for the currently authenticated user.

### Request Body

| Field | Description |
|---|---|
| `current_password` | Current password, re-verified before the change is applied. |
| `new_password` | New password (minimum 6 characters). |

### Response

A success indicator, always `true` on success.
```bash
curl -X POST "https://api.vigia.com/api/v1/auth/change-password" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "OldPassword123",
    "new_password": "NewSecurePass456"
  }'
```
## POST /api/v1/auth/reset-password

Reset a user's password (admin/development endpoint).

This endpoint is intended for administrative use and development/testing. As documented here it requires only the tenant identifier; note that the example request below sends no `Authorization` header. In production, this should be restricted to admin users only.

### Headers

| Header | Description |
|---|---|
| `X-Tenant` | Tenant identifier (required for this endpoint). |

### Request Body

| Field | Description |
|---|---|
| `email` | Email address of the user whose password should be reset. |
| `new_password` | New password to set (minimum 6 characters). |

### Response

The response contains the email of the user whose password was reset and the tenant where the operation was performed.
```bash
curl -X POST "https://api.vigia.com/api/v1/auth/reset-password" \
  -H "X-Tenant: acme-pharma" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "juan.perez@example.com",
    "new_password": "NewPassword123"
  }'
```
## Common Error Codes

All authentication endpoints may return these standard HTTP status codes:

| Status Code | Description |
|---|---|
| 200 | Success |
| 401 | Unauthorized (invalid credentials or token) |
| 403 | Forbidden (inactive user or no roles) |
| 404 | Not Found (user not found) |
| 422 | Unprocessable Entity (validation error) |
| 500 | Internal Server Error |
## Token Usage Example

After obtaining a token from the login endpoint, use it in all subsequent requests:

### Complete Authentication Flow
```python
import requests

BASE_URL = "https://api.vigia.com/api/v1"
TENANT = "acme-pharma"

# 1. Login. Passing `data=` makes requests send the form-encoded body the
#    endpoint requires (Content-Type: application/x-www-form-urlencoded).
login_response = requests.post(
    f"{BASE_URL}/auth/login",
    headers={"X-Tenant": TENANT},
    data={
        "username": "juan.perez@example.com",
        "password": "SecurePass123",
    },
    timeout=10,
)
# Raises on 401 (invalid credentials) or 403 (inactive user or no roles)
# instead of failing later with a KeyError on "access_token".
login_response.raise_for_status()
token = login_response.json()["access_token"]

# 2. Use the token for authenticated requests. It is valid for 8 hours and
#    carries identity, role and tenant claims, so send it only over HTTPS
#    and keep it out of logs.
headers = {
    "Authorization": f"Bearer {token}",
    "X-Tenant": TENANT,
}

# 3. Get current user info
me_response = requests.get(f"{BASE_URL}/auth/me", headers=headers, timeout=10)
me_response.raise_for_status()
user_info = me_response.json()

# 4. Make other API calls with the same headers
icsr_response = requests.get(f"{BASE_URL}/icsrs", headers=headers, timeout=10)
icsr_response.raise_for_status()
icsrs = icsr_response.json()
```