POST /api/auth/login
Login
curl --request POST \
  --url https://api.example.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'
{
  "user": {
    "id": "<string>",
    "email": "<string>",
    "firstName": "<string>",
    "lastName": "<string>",
    "currency": "<string>",
    "role": "<string>",
    "avatarUrl": {}
  },
  "token": "<string>"
}

Request Body

email
string
required
User’s registered email address. Must be a valid email format.
password
string
required
User’s password.

Response

user
object
The authenticated user object
token
string
JWT authentication token for the user session

Example Request

curl -X POST https://api.yourfinanceapp.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john.doe@example.com",
    "password": "SecurePass123!"
  }'

Example Response

{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "john.doe@example.com",
    "firstName": "John",
    "lastName": "Doe",
    "currency": "USD",
    "role": "USER",
    "avatarUrl": "https://lh3.googleusercontent.com/a/example"
  },
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAiLCJlbWFpbCI6ImpvaG4uZG9lQGV4YW1wbGUuY29tIiwicm9sZSI6IlVTRVIiLCJpYXQiOjE3MDk1NjE2MDB9.abc123def456"
}

Error Responses

401 Unauthorized
error
Invalid credentials - wrong email or password
{
  "statusCode": 401,
  "message": "Credenciales inválidas",
  "error": "Unauthorized"
}
400 Bad Request
error
Validation error - invalid email format or missing fields
{
  "statusCode": 400,
  "message": [
    "email must be an email",
    "password must be a string"
  ],
  "error": "Bad Request"
}

Additional Information

The login endpoint:
  • Validates credentials against hashed passwords using bcrypt
  • Returns the same error message for non-existent users and incorrect passwords to prevent user enumeration
  • Generates a new JWT token containing user ID, email, and role
  • Works only for users registered with LOCAL auth provider (email/password)
  • Users registered via Google OAuth must authenticate through the Google flow
The returned JWT token should be stored securely and included in the Authorization header as Bearer {token} for authenticated requests.
