POST /api/login

Authenticates a user and sets an HTTP-only cookie for session management.

Headers

Authorization (string, required)
Bearer token from Firebase authentication. Format: Bearer <firebase_jwt_token>

Authentication

This endpoint uses Firebase JWT authentication. The JWT token is validated against:
  • Issuer: https://securetoken.google.com/nxtspec
  • Audience: nxtspec
  • Authority: https://securetoken.google.com/nxtspec

Behavior

  1. Validates the Firebase JWT token from the Authorization header
  2. Extracts user information from the token
  3. Creates a new user record if the user doesn’t exist in the database
  4. Sets an HTTP-only secure cookie named access_token with the JWT token

Response

status (number)
HTTP status code: 200 for success, 400 for bad request

Examples

curl -X POST https://api.pricesignal.app/api/login \
  -H "Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjFmODhiODE0..." \
  -H "Content-Type: application/json"

The access_token cookie is set with the following properties:
  • HttpOnly: true (prevents JavaScript access)
  • Secure: true (only sent over HTTPS)
  • SameSite: Strict (prevents CSRF attacks)

The JWT is stored in a secure HTTP-only cookie, which makes it inaccessible to JavaScript and protects it against theft through XSS attacks.

POST /api/logout

Logs out the current user by deleting the authentication cookie.

Authentication

No authentication required. The endpoint simply deletes the access_token cookie if it exists.

Response

status (number)
HTTP status code: 200 for success

Examples

curl -X POST https://api.pricesignal.app/api/logout \
  -H "Content-Type: application/json" \
  --cookie "access_token=your_token_here"

After logout, the access_token cookie is deleted from the client. Any subsequent authenticated requests will fail until the user logs in again.
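
The following added example (not part of the API's own code) audits the Set-Cookie headers returned by the login and logout endpoints, for instance as printed by `curl -i`, against the cookie properties documented above. The sample header values are constructed, the function names are hypothetical, and the form of the logout deletion header (a past Expires date or Max-Age of 0) is an assumption based on standard cookie behavior.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

COOKIE_NAME = "access_token"  # cookie name documented on this page

# Constructed sample Set-Cookie values (not captured from the real API).
GOOD = "access_token=eyJ.constructed.sample; Path=/; Secure; HttpOnly; SameSite=Strict"
WEAK = "access_token=eyJ.constructed.sample; Path=/; SameSite=Lax"
LOGOUT = "access_token=; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/; Secure; HttpOnly"

def _morsel(header):
    """Parse one Set-Cookie value; return the access_token morsel or None."""
    jar = SimpleCookie()
    jar.load(header)
    return jar.get(COOKIE_NAME)

def audit_login_cookie(set_cookie_headers):
    """Return findings for a login response; an empty list means the cookie
    carries the documented HttpOnly, Secure and SameSite=Strict attributes."""
    for header in set_cookie_headers:
        m = _morsel(header)
        if m is None:
            continue
        findings = []
        if not m["httponly"]:
            findings.append("missing HttpOnly")
        if not m["secure"]:
            findings.append("missing Secure")
        if m["samesite"].lower() != "strict":
            findings.append(f"SameSite is {m['samesite'] or 'unset'}, expected Strict")
        return findings
    return [f"{COOKIE_NAME} cookie not set"]

def is_deletion(header, now=None):
    """True if the header expires access_token: Max-Age <= 0, otherwise an
    Expires date in the past (Max-Age takes precedence, as in RFC 6265)."""
    m = _morsel(header)
    if m is None:
        return False
    max_age = m["max-age"]
    if max_age.lstrip("-").isdigit():
        return int(max_age) <= 0
    if m["expires"]:
        return parsedate_to_datetime(m["expires"]) <= (now or datetime.now(timezone.utc))
    return False

if __name__ == "__main__":
    print(audit_login_cookie([GOOD]), audit_login_cookie([WEAK]), is_deletion(LOGOUT))
```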