All authentication endpoints are rate-limited to prevent abuse. Authentication endpoints do not require JWT tokens except for logout.

Register User

curl -X POST https://api.archive.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePass123!",
    "firstName": "John",
    "lastName": "Doe"
  }'
Register a new user account and receive authentication tokens.

Authentication Required: No
Rate Limit: Auth rate limiter applied

Request Body

email (string, required) - Valid email address (lowercase, trimmed)
password (string, required) - Password meeting security requirements:
  • Minimum 8 characters
  • Maximum 64 characters
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character
firstName (string, required) - User’s first name (1-50 characters, trimmed)
lastName (string, required) - User’s last name (1-50 characters, trimmed)

Response

message (string) - Success message: “Registration successful!”
user (object) - User object containing profile information
accessToken (string) - JWT access token for API authentication (short-lived)
refreshToken (string) - JWT refresh token for obtaining new access tokens (long-lived)

Error Responses

  • 400 Bad Request - Validation errors (invalid email, weak password, missing fields)
  • 409 Conflict - Email already registered
  • 500 Internal Server Error - Server error

Login

curl -X POST https://api.archive.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePass123!"
  }'
Authenticate an existing user and receive authentication tokens.

Authentication Required: No
Rate Limit: Auth rate limiter applied

Request Body

email (string, required) - Valid email address (lowercase, trimmed)
password (string, required) - User’s password

Response

message (string) - Success message: “Login successful!”
user (object) - User object containing profile information
accessToken (string) - JWT access token for API authentication
refreshToken (string) - JWT refresh token for obtaining new access tokens

Error Responses

  • 400 Bad Request - Validation errors (invalid email, missing password)
  • 401 Unauthorized - Invalid credentials
  • 500 Internal Server Error - Server error

Refresh Token

curl -X POST https://api.archive.com/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'
Obtain a new access token using a valid refresh token.

Authentication Required: No (but requires valid refresh token)
Rate Limit: Strict rate limiter applied

Request Body

refreshToken (string, required) - Valid refresh token received from login or registration

Response

message (string) - Success message: “Token refreshed successfully!”
accessToken (string) - New JWT access token
refreshToken (string) - New refresh token (rotation strategy)

Error Responses

  • 400 Bad Request - Missing or empty refresh token
  • 401 Unauthorized - Invalid or expired refresh token
  • 500 Internal Server Error - Server error

Logout

curl -X POST https://api.archive.com/api/auth/logout \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'
Invalidate the current access token and refresh token, ending the user’s session.

Authentication Required: Yes (Bearer token in Authorization header)
Rate Limit: None (JWT middleware applied)

Headers

Authorization (string, required) - Bearer token: Bearer {accessToken}

Request Body

refreshToken (string, required) - Refresh token to invalidate (minimum 1 character)

Response

message (string) - Success message: “Logout successful.”

Error Responses

  • 400 Bad Request - Missing refresh token
  • 401 Unauthorized - Missing or invalid access token
  • 500 Internal Server Error - Server error
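
Client-side handling of the token lifecycle documented above (login, refresh with rotation, logout), as an added Python example that is not part of the original documentation or the API's own SDK. The names AuthSession and http_post are hypothetical; it assumes success responses use a 2xx status and that error responses carry a JSON body.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.archive.com/api/auth"  # base URL taken from the curl examples


def http_post(path, body, headers=None):
    """POST JSON and return (status, parsed body). Assumes error bodies are JSON."""
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    req = urllib.request.Request(BASE_URL + path, json.dumps(body).encode(), hdrs, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


class AuthSession:
    """Keeps the token pair in memory only and replaces it on every rotation."""

    def __init__(self, post=http_post):
        self._post = post  # injectable transport, so the class can be tested offline
        self.access_token = self.refresh_token = None

    def _store(self, status, data):
        if status == 401:  # rejected credentials or refresh token: drop local copies
            self.access_token = self.refresh_token = None
        if not 200 <= status < 300:  # assumption: any 2xx means success
            raise PermissionError(f"auth request failed with HTTP {status}")
        # Overwrite both tokens; after a rotation the previous refresh token is stale.
        self.access_token, self.refresh_token = data["accessToken"], data["refreshToken"]

    def login(self, email, password):
        # The API documents the email field as lowercase and trimmed.
        body = {"email": email.strip().lower(), "password": password}
        self._store(*self._post("/login", body))

    def refresh(self):
        self._store(*self._post("/refresh", {"refreshToken": self.refresh_token}))

    def logout(self):
        # Logout is the one auth endpoint that needs the Bearer access token as well.
        headers = {"Authorization": f"Bearer {self.access_token}"}
        status, _ = self._post("/logout", {"refreshToken": self.refresh_token}, headers)
        self.access_token = self.refresh_token = None  # forget tokens whatever the outcome
        return 200 <= status < 300
```
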
