Overview
The Authentication API provides endpoints for user registration, login, and retrieving the current user’s information. Registration and login both return a JWT access token that the client presents on later requests in the Authorization header. The token is a bearer credential: whoever holds it can act as that user for as long as the server accepts it, so send it only over TLS, keep it out of URLs and log lines, and store it where other origins or processes cannot read it. The tokens in the examples below begin with eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9, the base64url encoding of the header {"alg":"HS256","typ":"JWT"}: they are HMAC-SHA256 signed with a secret known only to the server, so the only way for a client to learn whether a token is still accepted is to call /api/auth/me with it.
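Added example, not code from this API or its project: the access_token values on this page all start with eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9, which decodes to the JOSE header {"alg":"HS256","typ":"JWT"}. The Python below decodes that header, mints an HS256 token the way a server would, and verifies one the way a correct verifier must: algorithm pinned to HS256 rather than read from the token, constant-time signature comparison, and a required exp claim. It also builds the alg=none forgery that a verifier trusting the header's alg would accept. The secret, the claims (sub, role, exp) and the forge helper are constructed for the example; the page does not show which claims the service actually issues or how long its tokens live.

```python
import base64
import hashlib
import hmac
import json
import time

# The token prefix shown in this page's examples: base64url of the JOSE header.
SAMPLE_TOKEN_PREFIX = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"


def _b64url_decode(part: str) -> bytes:
    # JWT parts are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def decode_header(token: str) -> dict:
    """Read the JOSE header without verifying anything (inspection only)."""
    return json.loads(_b64url_decode(token.split(".")[0]))


def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint an HS256 token as a server would. Claims and secret are constructed here."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Return the claims only for a well-formed, HS256-signed, unexpired token
    under `secret`; raise ValueError for anything else."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must never choose it (alg=none, key confusion).
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    # Require an expiry; a bearer token that never expires is a permanent credential.
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("missing or expired exp")
    return claims


def is_valid_hs256(token: str, secret: bytes, now=None) -> bool:
    """Boolean form of verify_hs256 (JSON and base64 errors are ValueError subclasses)."""
    try:
        verify_hs256(token, secret, now)
        return True
    except ValueError:
        return False


def forge_alg_none(token: str) -> str:
    """What an attacker sends to a verifier that honours the header's alg field:
    same payload, alg switched to none, empty signature."""
    _, payload_b64, _ = token.split(".")
    header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    return f"{header}.{payload_b64}."
```

The client-side use is only decode_header, to see what kind of token it was handed; verification belongs on the server, where the secret is. Anything that makes verify_hs256 raise (wrong secret, swapped payload, missing exp, alg changed) is exactly what the service's /api/auth/me would turn into a 401.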
POST /api/auth/register
Register a new user account.
Request
Method: POST
Path: /api/auth/register
Authentication: None required
Headers:
Content-Type: application/json
Body Parameters:
email (string, required) - User’s email address. Must be unique.
password (string, required) - User’s password. Stored only as a bcrypt hash; the plaintext is never returned.
name (string, required) - User’s display name.
Response
message - Confirmation text
user - User object: id, email, name, role (server-assigned; default: “customer”), created_at (account creation timestamp), updated_at
access_token - JWT access token for authenticated requests
Example
curl -X POST http://localhost:5000/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "securePassword123",
"name": "John Doe"
}'
Response (201 Created):
{
"message": "User registered successfully",
"user": {
"id": 1,
"email": "[email protected]",
"name": "John Doe",
"role": "customer",
"created_at": "2024-01-15T10:30:00",
"updated_at": "2024-01-15T10:30:00"
},
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Error Responses
400 Bad Request - Missing required fields:
{
"error": "Missing required fields: email, password, name"
}
409 Conflict - Email already registered:
{
"error": "Email already registered"
}
POST /api/auth/login
Authenticate an existing user.
Request
Method: POST
Path: /api/auth/login
Authentication: None required
Headers:
Content-Type: application/json
Body Parameters:
email (string, required) - User’s registered email address
password (string, required) - User’s password; compared against the stored bcrypt hash
Response
User object containing user details (same structure as registration)
JWT access token for authenticated requests
Example
curl -X POST http://localhost:5000/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "securePassword123"
}'
Response (200 OK):
{
"message": "Login successful",
"user": {
"id": 1,
"email": "[email protected]",
"name": "John Doe",
"role": "customer",
"created_at": "2024-01-15T10:30:00",
"updated_at": "2024-01-15T10:30:00"
},
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Error Responses
400 Bad Request - Missing required fields:
{
"error": "Missing required fields: email, password"
}
401 Unauthorized - Invalid credentials. The same response is returned whether the email is unknown or the password is wrong, so it does not reveal which accounts exist:
{
"error": "Invalid email or password"
}
GET /api/auth/me
Get the current authenticated user’s information.
Request
Method: GET
Path: /api/auth/me
Authentication: JWT token required
Headers:
Authorization: Bearer <access_token>
Response
User object containing the current user’s details: id, email, name, role, created_at (account creation timestamp), updated_at. No new token is returned; the caller keeps using the one it sent.
Example
curl -X GET http://localhost:5000/api/auth/me \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Response (200 OK):
{
"user": {
"id": 1,
"email": "[email protected]",
"name": "John Doe",
"role": "customer",
"created_at": "2024-01-15T10:30:00",
"updated_at": "2024-01-15T10:30:00"
}
}
Error Responses
401 Unauthorized - Missing or invalid token. This response is produced by the token-verification layer rather than the endpoint itself, so its shape differs from the other errors: the key is msg, not error, and clients should check both. The example shows the missing-header case:
{
"msg": "Missing Authorization Header"
}
404 Not Found - The token verified but the user it identifies no longer exists (for example, the account was deleted after the token was issued):
{
"error": "User not found"
}
Authentication Flow
- Register a new account with POST /api/auth/register, or log in with existing credentials via POST /api/auth/login.
- Save the access_token from the response, in memory or in storage that other origins or processes cannot read; never put it in a URL or a log line.
- Include the token in the Authorization header for all protected endpoints:
Authorization: Bearer <access_token>
- Use GET /api/auth/me to verify the token and retrieve the current user’s information. A 401 here means the server no longer accepts the token; discard it and authenticate again.
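The whole flow as a small Python client, added here as an example and not part of the API’s own code base: it registers, falls back to login on 409, keeps the access_token in memory only, sends it as a Bearer header to /api/auth/me, and drops it when the server answers 401. FakeAuthServer is a constructed in-memory stand-in that replies with the documented status codes and bodies so the client can be exercised offline; the default http_transport talks to the real service at http://localhost:5000, the host and port used by this page’s curl examples. The credentials used in the usage are constructed.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "http://localhost:5000"  # host and port used by this page's curl examples


class AuthError(Exception):
    # A documented error status (400/401/404/409) or anything unexpected.
    def __init__(self, status, detail):
        super().__init__(f"{status}: {detail}")
        self.status, self.detail = status, detail


def http_transport(method, url, body=None, headers=None):
    """Real transport over urllib; returns (status, decoded JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers or {})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as exc:  # 4xx/5xx replies still carry a JSON body
        return exc.code, json.loads(exc.read() or b"{}")


class AuthClient:
    """Drives register -> login -> /me; the bearer token lives in memory only."""

    def __init__(self, base_url=BASE_URL, transport=http_transport):
        self.base_url, self.transport, self.access_token = base_url, transport, None

    def _call(self, method, path, body=None, auth=False):
        headers = {"Content-Type": "application/json"}
        if auth:
            if not self.access_token:
                raise AuthError(0, "no access_token: register or login first")
            headers["Authorization"] = f"Bearer {self.access_token}"
        return self.transport(method, self.base_url + path, body, headers)

    def register(self, email, password, name):
        status, data = self._call("POST", "/api/auth/register",
                                  {"email": email, "password": password, "name": name})
        if status == 201:
            self.access_token = data["access_token"]
            return data["user"]
        raise AuthError(status, data.get("error"))  # 400 missing fields, 409 email taken

    def login(self, email, password):
        status, data = self._call("POST", "/api/auth/login", {"email": email, "password": password})
        if status == 200:
            self.access_token = data["access_token"]
            return data["user"]
        raise AuthError(status, data.get("error"))  # 401 is deliberately non-specific

    def me(self):
        status, data = self._call("GET", "/api/auth/me", auth=True)
        if status == 200:
            return data["user"]
        if status == 401:
            self.access_token = None  # token rejected: forget it and re-authenticate
        # the JWT layer reports under "msg", the application's own errors under "error"
        raise AuthError(status, data.get("error") or data.get("msg"))


def register_or_login(client, email, password, name):
    """Register, falling back to login when the email is already registered (409)."""
    try:
        return client.register(email, password, name)
    except AuthError as exc:
        if exc.status != 409:
            raise
        return client.login(email, password)


class FakeAuthServer:
    """Constructed in-memory stand-in replying with the documented status codes and
    bodies so the client runs offline. Not the real service; it keeps the password
    in clear only because it is a test double (the real API bcrypt-hashes it)."""

    def __init__(self):
        self.users, self.tokens = {}, {}

    def __call__(self, method, url, body=None, headers=None):
        path = url[len(BASE_URL):]
        if path == "/api/auth/register":
            if body["email"] in self.users:
                return 409, {"error": "Email already registered"}
            user = {"id": len(self.users) + 1, "email": body["email"], "name": body["name"], "role": "customer"}
            self.users[body["email"]] = (body["password"], user)
            return 201, {"user": user, "access_token": self._issue(user)}
        if path == "/api/auth/login":
            rec = self.users.get(body["email"])
            if rec and rec[0] == body["password"]:
                return 200, {"user": rec[1], "access_token": self._issue(rec[1])}
            return 401, {"error": "Invalid email or password"}
        user = self.tokens.get((headers or {}).get("Authorization", "")[len("Bearer "):])
        return (200, {"user": user}) if user else (401, {"msg": "Missing Authorization Header"})

    def _issue(self, user):
        token = f"tok-{user['id']}-{len(self.tokens)}"  # opaque stand-in for the real JWT
        self.tokens[token] = user
        return token


if __name__ == "__main__":
    client = AuthClient(transport=FakeAuthServer())  # replace with AuthClient() for the live service
    print(register_or_login(client, "[email protected]", "constructed-pw", "Jane Roe"))
    print(client.me())
```

The client never inspects the token beyond checking it has one; a 401 from /api/auth/me is the only authoritative signal that it has stopped working, which is why me() clears the stored token before raising so the next call goes back through register_or_login.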