The users endpoint handles authentication. Submit your credentials to receive a JWT token that authorizes access to the rest of the API.
User roles
Every Rakcha account is assigned one of three roles:
Role: Description
client: A regular end user who can browse content and purchase products.
admin: A platform administrator with full access to manage users, cinemas, films, series, and products.
cinema_manager: A cinema owner or manager responsible for managing their own cinema listings and schedules.
Authenticate a user
Validates credentials and returns a signed JWT token along with the authenticated user object.
Request body
email: The email address associated with the user’s account. Must be a valid email format.
password: The user’s account password.
Response — 200 OK
token: A signed JWT bearer token. Include this value in the Authorization: Bearer <token> header on all subsequent requests.
user: The authenticated user object.
user.id: Unique numeric identifier for the user.
user.email: The email address of the authenticated user.
user.role: The user’s role. One of client, admin, or cinema_manager.
Response — 401 Unauthorized
Returned when the email or password is incorrect.
message: A human-readable error message describing the authentication failure.
Example request
curl --request POST \
  --url https://rakcha.example.com/api/users/auth \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "manager@rakcha.example.com",
    "password": "s3cur3P@ssword"
  }'
Example response — 200 OK
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOjcsImVtYWlsIjoibWFuYWdlckByYWtjaGEuZXhhbXBsZS5jb20iLCJyb2xlIjoiY2luZW1hX21hbmFnZXIiLCJpYXQiOjE3MTE1MjgwMDB9.xyz789",
  "user": {
    "id": 7,
    "email": "manager@rakcha.example.com",
    "role": "cinema_manager"
  }
}
Example response — 401 Unauthorized
{
  "message": "Invalid credentials."
}
Passwords are transmitted over HTTPS and are never returned in any API response. Always store tokens securely and never expose them in client-side code or logs.
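The following is an added example, not Rakcha's own code: one way a service that receives the bearer token could verify it before trusting the role claim. It assumes HS256 (the algorithm named in the header of the sample token above) and a hypothetical shared secret DEMO_SECRET; the token it checks is constructed locally with the same claim names as the sample payload (sub, email, role, iat).

```python
import base64, hashlib, hmac, json

ALLOWED_ROLES = {"client", "admin", "cinema_manager"}  # the three roles listed on this page
DEMO_SECRET = b"demo-only-secret"  # hypothetical; a real secret lives in a secret store

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(_mac(f'{header}.{payload}', secret))}"

def verify_token(token: str, secret: bytes) -> dict:
    """Return the claims of an authentic token; raise ValueError otherwise."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of letting the token's own header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _mac(f"{header_b64}.{payload_b64}", secret)
    # Constant-time comparison; the payload is parsed only after this passes.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if not isinstance(claims, dict) or claims.get("role") not in ALLOWED_ROLES:
        raise ValueError("unknown role")
    return claims

if __name__ == "__main__":
    # Constructed claims mirroring the sample response above.
    token = sign_hs256({"sub": 7, "email": "manager@rakcha.example.com",
                        "role": "cinema_manager", "iat": 1711528000}, DEMO_SECRET)
    print(verify_token(token, DEMO_SECRET)["role"])
```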