Login

Authenticates a user with their email and password credentials. Upon successful authentication, returns a JWT access token and sets it as an HTTP-only cookie.

Endpoint

POST /api/auth/login

Request Body

  • email (string, required): User’s email address. Must be a valid email format.
  • password (string, required): User’s password.

Response

  • message (string): Success message indicating login was successful.
  • token (string): JWT access token for authenticated requests. This token contains the user’s ID and email.

The access token is also automatically set as an HTTP-only cookie named access_token with the following properties:
  • HttpOnly: true (prevents JavaScript access)
  • SameSite: lax
  • Path: /
  • Domain: localhost
  • Max-Age: 10 days (864000 seconds)

Example Request

curl -X POST https://api.expireeye.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "yourpassword123"
  }'

Example Response

{
  "message": "Login successful",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Error Responses

401 Unauthorized

Returned when the email or password is invalid.
{
  "detail": "Invalid email or password"
}

400 Bad Request

Returned when required fields are missing.
{
  "detail": "Email is required"
}
{
  "detail": "Password is required"
}

500 Internal Server Error

Returned when a database or server error occurs.
{
  "detail": "Internal server error"
}

JWT Token Payload

The JWT token contains the following claims:
  • userId: The user’s unique identifier
  • email: The user’s email address
Use this token in the Authorization header for authenticated requests:
Authorization: Bearer <token>
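
The following added example (not part of the ExpireEye docs or code base) audits one login response against the cookie properties and JWT claims documented above. The `host` parameter, the sample values, and the `Secure` and domain-match checks are assumptions added here; the payload is decoded without verifying the signature, which also shows that `userId` and `email` are readable by anyone who holds the token.

```python
import base64
import json
from http.cookies import SimpleCookie

# Cookie attributes as documented on this page (Max-Age: 10 days = 864000 s).
DOCUMENTED = {"httponly": True, "samesite": "lax", "path": "/", "max-age": "864000"}


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload segment; inspection only, no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_login(set_cookie: str, body: dict, host: str) -> list:
    """Return findings for one login response; an empty list means no deviations."""
    jar = SimpleCookie(set_cookie)
    morsel = jar.get("access_token")
    if morsel is None:
        return ["access_token cookie not set"]
    findings = []
    for attr, want in DOCUMENTED.items():
        got = morsel[attr].lower() if isinstance(morsel[attr], str) else morsel[attr]
        if got != want:
            findings.append(f"{attr}: expected {want!r}, got {got!r}")
    if not morsel["secure"]:  # added check: Secure is not among the listed properties
        findings.append("secure: not set, cookie is also sent over plain HTTP")
    domain = morsel["domain"].lstrip(".").lower()
    if domain and host != domain and not host.endswith("." + domain):
        findings.append(f"domain: {domain!r} does not match host {host!r}")
    token = body.get("token", "")
    if morsel.value != token:
        findings.append("cookie value differs from body token")
    try:
        missing = {"userId", "email"} - set(jwt_claims(token))
    except ValueError:  # malformed token: treat both documented claims as absent
        missing = {"userId", "email"}
    findings += [f"claim missing: {c}" for c in sorted(missing)]
    return findings


def sample_response() -> tuple:
    """Constructed sample: placeholder signature, made-up userId and email."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    token = ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"userId": 1, "email": "a@example.test"}), "sig"])
    cookie = f"access_token={token}; HttpOnly; SameSite=lax; Path=/; Domain=localhost; Max-Age=864000"
    return cookie, {"message": "Login successful", "token": token}
```

Feed it the `Set-Cookie` header and JSON body captured from a real login (for example with `curl -i`) together with the host the request was sent to.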