POST /api/auth/login

Login
curl --request POST \
  --url https://api.example.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "gafete": "<string>",
  "contra": "<string>"
}
'
{
  "token": "<string>",
  "user": {
    "id": 123,
    "nombre": "<string>",
    "apellido": "<string>",
    "gafete": "<string>",
    "turno": "<string>",
    "area": "<string>",
    "tipo": "<string>"
  },
  "error": "<string>"
}

Authentication

This endpoint authenticates a user with their badge number (gafete) and password. Upon successful authentication, it returns a JWT token valid for 12 hours and creates a session record in the database.
The JWT token must be included in the Authorization header as Bearer <token> for all subsequent authenticated requests.

Request

Body Parameters

gafete (string, required): User’s badge number or employee ID
contra (string, required): User’s password (bcrypt hashed in database)

Request Example

curl -X POST http://localhost:3001/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "gafete": "admin",
    "contra": "admin123"
  }'

Response

token (string): JWT authentication token (valid for 12 hours)
user (object): Authenticated user information

Success Response Example

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1,
    "nombre": "Juan",
    "apellido": "Pérez",
    "gafete": "admin",
    "turno": "A",
    "area": "Ensamble",
    "tipo": "admin"
  }
}

Error Responses

error (string): Error message describing what went wrong

401 Unauthorized

Returned when credentials are invalid or user is inactive.
{
  "error": "Credenciales inválidas"
}

500 Internal Server Error

Returned when a database or server error occurs.
{
  "error": "Database connection failed"
}

Implementation Details

Password Security: Passwords are hashed using bcrypt with 10 salt rounds. Never store or transmit plain-text passwords.
Session Management: A session record is created in the sesiones table with the token, user ID, IP address, and expiration time (12 hours from login).
Token Expiration: JWT tokens expire after 12 hours. Implement token refresh logic or re-authenticate when receiving 401 errors.
