Login User

POST /api/auth/login
curl --request POST \
  --url https://api.example.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'
{
  "success": true,
  "message": "<string>",
  "data": {
    "User": {
      "email": "<string>",
      "role": "<string>",
      "profile": {},
      "invitedBy": "<string>",
      "isProfileComplete": true,
      "createdAt": "<string>"
    },
    "token": "<string>"
  }
}

Endpoint

POST /api/auth/login

Authentication

No authentication required. This is a public endpoint.

Request Body

email (string, required): User’s registered email address.
password (string, required): User’s password.

Example Request

curl -X POST https://api.yourchurch.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securePassword123"
  }'

Response

success (boolean): Indicates whether the login was successful.
message (string): Human-readable message describing the result.
data (object): Contains user information and authentication token.
data.User (object): User information object.
data.User.email (string): User’s email address.
data.User.role (string): User’s role in the system (pastor or member).
data.User.profile (object): User’s profile information fetched from the profile collection.
data.User.invitedBy (string): Email of the user who invited this user (if applicable).
data.User.isProfileComplete (boolean): Indicates whether the user has completed their profile setup.
data.User.createdAt (string): Timestamp of when the user account was created.
data.token (string): JWT authentication token valid for 1 hour. Use this token in the Authorization header for protected endpoints.

Success Response (200 OK)

{
  "success": true,
  "message": "Login Successful",
  "data": {
    "User": {
      "email": "[email protected]",
      "role": "member",
      "profile": {
        "name": "John Doe",
        "phoneNumber": "+1234567890",
        "address": "123 Church St"
      },
      "invitedBy": "[email protected]",
      "isProfileComplete": true,
      "createdAt": "2024-01-15T10:30:00.000Z"
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

Error Responses

400 Bad Request - Invalid Credentials

Returned when the email exists but the password is incorrect.
{
  "success": false,
  "message": "Log in not Successful",
  "data": "Incorrect Email or Password"
}

404 Not Found - User Not Found

Returned when no user exists with the provided email address.
{
  "success": false,
  "message": "Log in not Successful",
  "data": "User with email [email protected] not found"
}

500 Internal Server Error

Returned when an unexpected error occurs during login.
{
  "success": false,
  "message": "Login not successful",
  "data": "Error details"
}

Token Usage

After successful login, use the returned JWT token in the Authorization header for protected endpoints:
curl -X GET https://api.yourchurch.com/api/protected-endpoint \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Notes

  • The JWT token expires after 1 hour
  • The token contains the user’s ID and role for authorization purposes
  • Password comparison is done securely using bcrypt
  • The user’s profile information is automatically fetched and included in the response
  • Token signing uses the JWT_SECRET environment variable
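Added illustrative example, not the API's own code: a stdlib-only Python check for the Bearer token described under Token Usage and in the Notes above, showing what a protected endpoint must verify (pinned HS256 algorithm, constant-time signature check with the JWT_SECRET value, exp within the 1-hour lifetime, a known role) before trusting the claims. It assumes HS256 (the sample token's header decodes to alg HS256), the claim names "id" and "role", and that the caller reads JWT_SECRET from the environment; the secret, user id and timestamps used in the test are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, secret: str, ttl_seconds: int = 3600, now=None) -> str:
    """Mint an HS256 JWT carrying the user's id and role (assumed claim names) with
    the 1-hour lifetime the docs state. Used here only to construct test input."""
    now = int(time.time()) if now is None else now
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url_encode(json.dumps(dict(claims, iat=now, exp=now + ttl_seconds), separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def verify_bearer(authorization: str, secret: str, now=None) -> dict:
    """Validate an 'Authorization: Bearer <jwt>' header value and return its claims.
    Raises ValueError on every failure so the endpoint can answer 401 uniformly."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing or malformed Authorization header")
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: the server decides HS256, the token never gets to choose (e.g. "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret.encode(), f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    # Enforce the documented 1-hour lifetime server-side instead of trusting the client.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("token expired")
    if claims.get("role") not in ("pastor", "member"):  # roles the API documents
        raise ValueError("unknown role")
    return claims
```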
