Sign In

POST /auth/signin

curl --request POST \
  --url https://api.example.com/auth/signin \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'

{
  "message": "<string>",
  "user": {
    "id": "<string>",
    "email": "<string>",
    "role": "<string>"
  },
  "access_token": "<string>",
  "refresh_token": "<string>",
  "expires_in": 123
}
Authenticates a user and returns access and refresh tokens. This is a public endpoint that does not require authentication.

Request Body

  • email (string, required): User’s email address. Must be a valid email format.
  • password (string, required): User’s password. Must be at least 6 characters long.

Response

  • message (string): Success message indicating login status.
  • user (object): The authenticated user object.
  • access_token (string): JWT access token for authenticating subsequent requests.
  • refresh_token (string): Refresh token for obtaining new access tokens.
  • expires_in (number): Number of seconds until the access token expires.

Example

curl -X POST https://api.yourapp.com/auth/signin \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securepassword123"
  }'

Response Examples

{
  "message": "Login successful",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "user@example.com",
    "role": "user"
  },
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "8f9a7b6c5d4e3f2a1b0c9d8e7f6a5b4c",
  "expires_in": 3600
}

Notes

  • This endpoint is public and does not require authentication.
  • The access token should be included in the Authorization header for subsequent authenticated requests.
  • Use the format: Authorization: Bearer {access_token}
  • The refresh token can be used to obtain a new access token when the current one expires.
  • Failed login attempts may be rate-limited to prevent brute-force attacks.
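
The Python below is an added example, not code from this API's documentation or its authors. It applies the documented request rules before sending, validates every documented response field, and builds the Authorization: Bearer header while keeping tokens out of repr output; the names Session, build_signin_body and parse_signin_response, the email regex, the sample response and the 30-second expiry margin are assumptions.

```python
import json
import re
import time
from dataclasses import dataclass, field

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose format check (assumption)
SKEW_SECONDS = 30  # assumed margin: treat the token as expired slightly early
# Constructed sample response in the documented shape (not real tokens).
SAMPLE = ('{"message": "Login successful", "user": {"id": "u-1", "role": "user"},'
          ' "access_token": "aaa.bbb.ccc", "refresh_token": "refresh-xyz", "expires_in": 3600}')

@dataclass(frozen=True)
class Session:
    user_id: str
    role: str
    expires_at: float
    access_token: str = field(repr=False)   # repr=False keeps tokens out of logs
    refresh_token: str = field(repr=False)

    def is_expired(self, now=None):
        return (time.time() if now is None else now) >= self.expires_at - SKEW_SECONDS

    def auth_header(self, now=None):
        if self.is_expired(now):
            raise RuntimeError("access token expired; use the refresh token")
        return {"Authorization": f"Bearer {self.access_token}"}

def build_signin_body(email, password):
    # Enforce the documented request rules client-side before anything is sent.
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        raise ValueError("email must be a valid email format")
    if not isinstance(password, str) or len(password) < 6:
        raise ValueError("password must be at least 6 characters long")
    return json.dumps({"email": email, "password": password}).encode()

def parse_signin_response(raw, now=None):
    # Check every documented field's type before trusting the response.
    data = json.loads(raw)
    user = data.get("user") if isinstance(data, dict) else None
    if not isinstance(user, dict):
        raise ValueError("user must be an object")
    for obj, key in ((user, "id"), (user, "role"), (data, "access_token"), (data, "refresh_token")):
        if not isinstance(obj.get(key), str) or not obj[key]:
            raise ValueError(f"{key} must be a non-empty string")
    ttl = data.get("expires_in")
    if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
        raise ValueError("expires_in must be a positive number of seconds")
    issued = time.time() if now is None else now
    return Session(user["id"], user["role"], issued + ttl,
                   data["access_token"], data["refresh_token"])
```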
