
POST /api/auth/login

Authenticates a user with email and password and returns access tokens along with user information.

Authentication

No authentication required.

Request Body

email (string, required): The user’s email address
password (string, required): The user’s password

Response Fields

user (object): User information object
user.id (string): Unique user identifier
user.email (string): User’s email address
user.nombre (string): User’s full name
user.rol (string): User’s role in the system
access_token (string): JWT access token for API authentication
refresh_token (string): JWT refresh token for obtaining new access tokens
expires_at (number): Unix timestamp when the access token expires
expires_in (number): Number of seconds until the access token expires (default: 3600)

Example Request

curl -X POST https://api.example.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123"
  }'

Example Response

{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "[email protected]",
    "nombre": "Juan Pérez",
    "rol": "admin"
  },
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": 1709564400,
  "expires_in": 3600
}

Error Responses

400 Bad Request

Missing required fields:

{
  "error": "Email y contraseña son requeridos"
}

Invalid credentials:

{
  "error": "Invalid login credentials"
}

404 Not Found

User not found in database:
{
  "error": "Usuario no encontrado en la base de datos"
}

500 Internal Server Error

{
  "error": "Error en el servidor"
}

The access token should be included in the Authorization header as Bearer <token> for subsequent API requests.

Store the refresh token securely. It should only be used to obtain new access tokens when the current one expires.
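
The following Python client-side helper is an added example, not code from this API's project: it parses the documented login response, builds the Bearer header, decides from expires_at when to refresh, and keeps both tokens out of logs. Assumed, not stated on the page: success is HTTP 200, the names Session, LoginError and parse_login_response, and the 60-second refresh skew.

```python
import json
import time
from dataclasses import dataclass, field


class LoginError(Exception):
    """Raised for the documented 400 / 404 / 500 error bodies."""
    def __init__(self, status, message):
        super().__init__(f"login failed ({status}): {message}")
        self.status = status


@dataclass(frozen=True)
class Session:
    user_id: str
    rol: str
    expires_at: int
    # repr=False keeps both tokens out of logs and tracebacks.
    access_token: str = field(repr=False)
    refresh_token: str = field(repr=False)

    def auth_header(self):
        # Header format stated on this page: "Bearer <token>".
        return {"Authorization": f"Bearer {self.access_token}"}

    def needs_refresh(self, now=None, skew=60):
        # skew (assumed 60 s) refreshes slightly early to absorb clock drift.
        now = time.time() if now is None else now
        return now >= self.expires_at - skew


def parse_login_response(status, body):
    data = json.loads(body)
    if status != 200:  # assumption: success is HTTP 200
        raise LoginError(status, data.get("error", "unknown error"))
    for key in ("access_token", "refresh_token"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"missing or non-string field: {key}")
    expires_at = data.get("expires_at")
    if isinstance(expires_at, bool) or not isinstance(expires_at, (int, float)):
        raise ValueError("expires_at must be a Unix timestamp")
    user = data.get("user") or {}
    return Session(user["id"], user["rol"], int(expires_at),
                   data["access_token"], data["refresh_token"])


# Constructed sample body shaped like the Example Response (tokens are fake).
SAMPLE_OK = json.dumps({
    "user": {"id": "550e8400-e29b-41d4-a716-446655440000", "rol": "admin"},
    "access_token": "fake.access.token", "refresh_token": "fake.refresh.token",
    "expires_at": 1709564400, "expires_in": 3600})
```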
