Request Body
username: The username of the account to authenticate.
password: The password for the account. It is compared against the stored bcrypt hash.
Response
message: Success message indicating login was successful.
token: JWT token for authentication. Valid for 72 hours. Include it in the Authorization header as Bearer <token> for protected endpoints.
user: The authenticated user’s information.
email (inside user): The user’s email address.
The JWT token contains claims for userID, username, and expiration time (exp). Tokens are signed using HS256 with the server’s JWT_SECRET.
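The claim layout and checks described above, as an added Go example that is not the project's code: it mints an HS256 token carrying the documented claims (userID, username, exp) with a 72-hour lifetime, then verifies one by pinning the algorithm to HS256, comparing the HMAC in constant time and rejecting expired tokens. The secret, the user and the timestamps are constructed for the example; the server's real JWT_SECRET and its signing code are not on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims mirrors the three claims the documentation says the login token carries.
type Claims struct {
	UserID   int64  `json:"userID"`
	Username string `json:"username"`
	Exp      int64  `json:"exp"` // Unix seconds
}

// TokenLifetime is the 72-hour validity stated in the documentation.
const TokenLifetime = 72 * time.Hour

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

func sign(signingInput string, secret []byte) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// MintToken builds an HS256 JWT for the user that expires TokenLifetime after now.
func MintToken(userID int64, username string, secret []byte, now time.Time) (string, error) {
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(Claims{UserID: userID, Username: username, Exp: now.Add(TokenLifetime).Unix()})
	if err != nil {
		return "", err
	}
	signingInput := b64.EncodeToString(header) + "." + b64.EncodeToString(payload)
	return signingInput + "." + b64.EncodeToString(sign(signingInput, secret)), nil
}

// VerifyToken pins the algorithm to HS256, checks the HMAC in constant time and rejects
// expired tokens. Claims are returned only when every check passes.
func VerifyToken(token string, secret []byte, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token: expected three segments")
	}
	headerJSON, err := b64.DecodeString(parts[0])
	if err != nil {
		return nil, fmt.Errorf("bad header encoding: %w", err)
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(headerJSON, &header); err != nil {
		return nil, fmt.Errorf("bad header: %w", err)
	}
	// The verifier, not the token, decides the algorithm: only HS256 is acceptable here.
	if header.Alg != "HS256" {
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return nil, fmt.Errorf("bad signature encoding: %w", err)
	}
	if !hmac.Equal(sig, sign(parts[0]+"."+parts[1], secret)) {
		return nil, errors.New("signature mismatch")
	}
	payloadJSON, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("bad payload encoding: %w", err)
	}
	var claims Claims
	if err := json.Unmarshal(payloadJSON, &claims); err != nil {
		return nil, fmt.Errorf("bad payload: %w", err)
	}
	// A missing exp must not be treated as "never expires".
	if claims.Exp == 0 || !now.Before(time.Unix(claims.Exp, 0)) {
		return nil, errors.New("token expired")
	}
	return &claims, nil
}

func main() {
	secret := []byte("example-only-secret") // constructed stand-in for the server's JWT_SECRET
	issued := time.Date(2024, 3, 18, 12, 0, 0, 0, time.UTC)
	tok, _ := MintToken(1, "johndoe", secret, issued)
	fmt.Println(tok)
	if c, err := VerifyToken(tok, secret, issued.Add(time.Hour)); err == nil {
		fmt.Printf("valid: userID=%d username=%s\n", c.UserID, c.Username)
	}
	_, err := VerifyToken(tok, secret, issued.Add(TokenLifetime))
	fmt.Println("after 72h:", err)
}
```

The signature is checked before the payload is parsed, so an attacker-controlled payload is never decoded unless it was signed with the server's key, and the algorithm check runs before that so a header claiming alg "none" is rejected without ever reaching the HMAC comparison.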
Error Responses
Returned when request validation fails or required fields are missing.
{
"error": "Key: 'loginRequest.Username' Error:Field validation for 'Username' failed on the 'required' tag"
}
401 Unauthorized - Invalid Credentials
Returned when the username doesn’t exist or the password is incorrect.
{
"error": "Invalid username or password"
}
For security reasons, the same error message is returned for both non-existent users and incorrect passwords, so the response does not reveal which usernames exist.
500 Internal Server Error
Returned when JWT token generation fails.
{
"error": "Failed to generate token"
}
Example Request
curl -X POST https://api.defdrive.com/api/login \
-H "Content-Type: application/json" \
-d '{
"username": "johndoe",
"password": "securePassword123"
}'
Example Response
{
"message": "Login successful",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTA3NTQ4MDAsInVzZXJJRCI6MSwidXNlcm5hbWUiOiJqb2huZG9lIn0.XYZ123...",
"user": {
"id": 1,
"username": "johndoe",
"email": "[email protected]",
"name": "John Doe"
}
}
Using the Token
After successful login, include the JWT token in the Authorization header for all protected endpoints:
curl -X GET https://api.defdrive.com/api/user/limits \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
Tokens expire after 72 hours. The client should handle 401 responses and prompt the user to log in again.
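An added Go example (not the project's client or server code) of the client behaviour described above: the token returned by /api/login is sent in the Authorization header as a Bearer token, and a 401 from a protected endpoint triggers one re-login before the request is retried. The real API is replaced by a constructed in-process stand-in (NewFakeAPI) that issues opaque tokens and can expire them on demand; only the paths /api/login and /api/user/limits and the JSON field names come from this page.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Client keeps the JWT returned by /api/login and sends it as a Bearer token.
type Client struct {
	BaseURL, Username, Password string
	token                       string
	Logins                      int // successful logins so far
}

// Login posts the credentials and keeps the "token" field of the response.
func (c *Client) Login() error {
	body, _ := json.Marshal(map[string]string{"username": c.Username, "password": c.Password})
	resp, err := http.Post(c.BaseURL+"/api/login", "application/json", bytes.NewReader(body))
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("login failed: %s", resp.Status)
	}
	var lr struct {
		Token string `json:"token"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&lr); err != nil {
		return err
	}
	c.token, c.Logins = lr.Token, c.Logins+1
	return nil
}

// Get calls a protected endpoint. On 401 it drops the token, logs in again and retries
// once; a second 401 is reported as an error rather than looping forever.
func (c *Client) Get(path string) (int, error) {
	for attempt := 0; attempt < 2; attempt++ {
		if c.token == "" {
			if err := c.Login(); err != nil {
				return 0, err
			}
		}
		req, _ := http.NewRequest(http.MethodGet, c.BaseURL+path, nil)
		req.Header.Set("Authorization", "Bearer "+c.token)
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			return 0, err
		}
		resp.Body.Close()
		if resp.StatusCode != http.StatusUnauthorized {
			return resp.StatusCode, nil
		}
		c.token = "" // expired or invalid: re-authenticate on the next pass
	}
	return http.StatusUnauthorized, fmt.Errorf("still unauthorized after re-login")
}

// NewFakeAPI starts a constructed stand-in for the real server: every login issues a
// fresh opaque token, and the returned expire func invalidates all of them, standing in
// for the 72-hour expiry. State is shared without locking; fine for sequential use here.
func NewFakeAPI() (url string, expire func()) {
	valid := map[string]bool{}
	seq := 0
	mux := http.NewServeMux()
	mux.HandleFunc("/api/login", func(w http.ResponseWriter, r *http.Request) {
		seq++
		tok := fmt.Sprintf("fake-token-%d", seq)
		valid[tok] = true
		json.NewEncoder(w).Encode(map[string]string{"message": "Login successful", "token": tok})
	})
	mux.HandleFunc("/api/user/limits", func(w http.ResponseWriter, r *http.Request) {
		if !valid[strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")] {
			http.Error(w, `{"error":"unauthorized"}`, http.StatusUnauthorized)
			return
		}
		fmt.Fprint(w, `{"limits":{}}`)
	})
	return httptest.NewServer(mux).URL, func() { valid = map[string]bool{} }
}

func main() {
	url, expire := NewFakeAPI()
	c := &Client{BaseURL: url, Username: "johndoe", Password: "securePassword123"}
	first, _ := c.Get("/api/user/limits")
	expire()
	second, err := c.Get("/api/user/limits")
	fmt.Println(first, second, c.Logins, err)
}
```

The retry is bounded to a single re-login so that a 401 caused by something other than expiry (a revoked account, a server-side key rotation) surfaces as an error instead of an endless login loop; a real client would also prompt the user rather than resend stored credentials automatically.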