Authentication
Marketing
Reports
Login
curl --request POST \
--url https://api.example.com/api/auth/login \
--header 'Content-Type: application/json' \
--data '
{
"email": "<string>",
"password": "<string>"
}
'{
"user": {
"user_id": "<string>",
"email": "<string>",
"name": "<string>",
"surname": "<string>",
"phone": "<string>",
"address": "<string>",
"city": "<string>",
"country": "<string>",
"postal_code": "<string>",
"gender": "<string>",
"birth_date": "<string>",
"role": {},
"status": {},
"avatar": "<string>",
"document_type": {},
"document_number": "<string>",
"refresh_token": {},
"created_at": "<string>",
"updated_at": "<string>"
},
"token": "<string>"
}Authentication
Login
Authenticate a user and receive a JWT access token
POST
/
api
/
auth
/
login
Login
curl --request POST \
--url https://api.example.com/api/auth/login \
--header 'Content-Type: application/json' \
--data '
{
"email": "<string>",
"password": "<string>"
}
'{
"user": {
"user_id": "<string>",
"email": "<string>",
"name": "<string>",
"surname": "<string>",
"phone": "<string>",
"address": "<string>",
"city": "<string>",
"country": "<string>",
"postal_code": "<string>",
"gender": "<string>",
"birth_date": "<string>",
"role": {},
"status": {},
"avatar": "<string>",
"document_type": {},
"document_number": "<string>",
"refresh_token": {},
"created_at": "<string>",
"updated_at": "<string>"
},
"token": "<string>"
}Overview
The login endpoint authenticates users by validating their email and password credentials. Upon successful authentication, it returns a JWT token that can be used to access protected API endpoints.Authentication
This endpoint is public and does not require authentication.Request Body
The request body must be a JSON object with the following fields:User’s email address. Must be a valid email format.Validation: Validated using Zod schema
z.string().email()User’s password. Must be at least 1 character long.Validation: Validated using Zod schema
z.string().min(1)Response
User information object (excludes password field)
Show User object properties
Show User object properties
Unique user identifier (UUID, max 100 characters)
User’s email address
User’s first name
User’s last name
User’s phone number
User’s street address
User’s city
User’s country
User’s postal code
User’s gender
User’s date of birth (ISO 8601 format)
User’s role. Possible values:
ADMIN, USERUser account status. Possible values:
ON, OFFURL to user’s avatar image
Type of identification document. Possible values:
DNI, PASSPORT, NIEUser’s document number
Refresh token (if applicable)
Timestamp of account creation (ISO 8601 format)
Timestamp of last account update (ISO 8601 format)
JWT access token for authenticating subsequent API requests.Token Details:
- Signed using HS256 algorithm with
JWT_SECRETenvironment variable - Contains payload:
{ userId, email, role } - Default expiration: 24 hours
- Must be included in Authorization header as
Bearer <token>for protected endpoints
Error Responses
400 Bad Request
Status Message: “Credenciales inválidas o formato incorrecto”Returned when the request body fails Zod validation (invalid email format or missing password).
401 Unauthorized
Status Message: “Correo o contraseña incorrectos”Returned when:
- No user exists with the provided email
- The provided password does not match the stored password hash
403 Forbidden
Status Message: “Cuenta inactiva. Contacta con el administrador.”Returned when the user account status is not
ON (account is disabled).Code Examples
curl -X POST https://api.beils.com/api/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "securePassword123"
}'
Response Example
Success Response (200)
{
"user": {
"user_id": "550e8400-e29b-41d4-a716-446655440000",
"email": "[email protected]",
"name": "María",
"surname": "García",
"phone": "+34612345678",
"address": "Calle Mayor 123",
"city": "Madrid",
"country": "España",
"postal_code": "28013",
"gender": "female",
"birth_date": "1990-05-15T00:00:00.000Z",
"role": "USER",
"status": "ON",
"avatar": "https://example.com/avatars/user123.jpg",
"document_type": "DNI",
"document_number": "12345678A",
"refresh_token": null,
"created_at": "2024-01-15T10:30:00.000Z",
"updated_at": "2024-03-01T14:22:00.000Z"
},
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI1NTBlODQwMC1lMjliLTQxZDQtYTcxNi00NDY2NTU0NDAwMDAiLCJlbWFpbCI6InVzZXJAZXhhbXBsZS5jb20iLCJyb2xlIjoiVVNFUiIsImlhdCI6MTcwOTMwNDEyMCwiZXhwIjoxNzA5MzkwNTIwfQ.example_signature"
}
Error Response (401)
{
"statusCode": 401,
"statusMessage": "Correo o contraseña incorrectos"
}
Error Response (403)
{
"statusCode": 403,
"statusMessage": "Cuenta inactiva. Contacta con el administrador."
}
Implementation Details
Password Verification
Passwords are hashed using bcrypt and verified withbcrypt.compare(). The original password is never returned in responses.
Source: server/api/auth/login.post.ts:46
JWT Token Generation
Tokens are generated using thesignToken utility function from server/utils/jwt.ts:
const token = signToken({
userId: user.user_id,
email: user.email,
role: user.role
});
server/api/auth/login.post.ts:56
Request Validation Schema
The endpoint uses the following Zod schema for validation:const loginSchema = z.object({
email: z.string().email(),
password: z.string().min(1),
});
server/api/auth/login.post.ts:7-10
Next Steps
After obtaining a token, you can:- Store the token securely (localStorage, sessionStorage, or HTTP-only cookie)
- Include it in the Authorization header for protected endpoints
- Use the
/api/auth/meendpoint to retrieve current user information
⌘I
Build docs developers (and LLMs) love
Assistant
Responses are generated using AI and may contain mistakes.