Verify Token

​

Authentication

Authorization: Bearer <token>

x-auth-token: <token>

​

Request Example

curl -X GET https://api.meetmates.com/api/verify-token \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

curl -X GET https://api.meetmates.com/api/verify-token \
  -H "x-auth-token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

​

Response

​

Response Example

{
  "success": true,
  "message": "Token is valid",
  "user": {
    "id": "657f4d8e90c23a4567b38f91",
    "email": "[email protected]",
    "name": "John Doe"
  }
}

​

Error Responses

​

Error Codes

{
  "error": "No token provided, authorization denied"
}

​

Token Authentication Flow

1. Token Extraction: Looks for token in Authorization: Bearer <token> header or x-auth-token header
2. Token Verification: Verifies the JWT signature and expiration using the server’s secret key
3. User Lookup: Retrieves the user from the database using the ID from the token
4. Response: Returns user information (excluding password)

​

Use Cases

• Session Validation: Check if a stored token is still valid before making authenticated requests
• User Profile Loading: Retrieve current user information on app startup
• Token Refresh Logic: Determine when to prompt user for re-authentication
• Protected Route Guards: Verify authentication before allowing access to protected features

​

Notes

• The password field is excluded from the response for security
• Tokens expire after 7 days from issuance
• If the user is deleted from the database, their token becomes invalid even if not expired
• This endpoint does not extend or refresh the token expiration time