Overview
The Authentication API provides endpoints for user registration, login, logout, and profile management. Most endpoints require JWT authentication via cookies or Authorization header.
Register User
Create a new user account.
Access: Public
Request Body
User’s email address (will be converted to lowercase)
User’s password (minimum 6 characters)
User role: Admin, Manager, or Worker (defaults to Worker)
Response
Indicates if the request was successful
Example Request
{
"name": "John Doe",
"email": "[email protected]",
"password": "securepass123",
"role": "Worker"
}
Example Response
{
"success": true,
"message": "User registered successfully",
"data": {
"user": {
"_id": "65a1234567890abcdef12345",
"name": "John Doe",
"email": "[email protected]",
"role": "Worker",
"isActive": true
},
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
}
Login User
Authenticate and login a user.
Access: Public
Request Body
Response
Same structure as register endpoint.
Example Request
Example Response
{
"success": true,
"message": "Login successful",
"data": {
"user": {
"_id": "65a1234567890abcdef12345",
"name": "John Doe",
"email": "[email protected]",
"role": "Worker",
"isActive": true
},
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
}
Logout User
Logout the current user by clearing the authentication cookie.
Access: Private (requires authentication)
Response
{
"success": true,
"message": "Logout successful",
"data": null
}
Get Current User
Get the profile of the currently authenticated user.
Access: Private (requires authentication)
Response
Indicates if the request was successful
User object with id, name, email, role, and isActive fields
Example Response
{
"success": true,
"message": "User profile fetched successfully",
"data": {
"user": {
"_id": "65a1234567890abcdef12345",
"name": "John Doe",
"email": "[email protected]",
"role": "Worker",
"isActive": true
}
}
}
Update Profile
Update the current user’s name and/or email.
Access: Private (requires authentication)
Request Body
New email address (optional, must be unique)
Example Request
Example Response
{
"success": true,
"message": "Profile updated successfully",
"data": {
"user": {
"_id": "65a1234567890abcdef12345",
"name": "John Smith",
"email": "[email protected]",
"role": "Worker",
"isActive": true
}
}
}
Change Password
Change the current user’s password.
Access: Private (requires authentication)
Request Body
New password (minimum 6 characters)
Example Request
{
"currentPassword": "securepass123",
"newPassword": "newsecurepass456"
}
Example Response
{
"success": true,
"message": "Password changed successfully",
"data": null
}
Error Responses
All authentication endpoints may return the following error responses:
400 Bad Request
{
"success": false,
"message": "Please provide all required fields"
}
401 Unauthorized
{
"success": false,
"message": "Invalid email or password"
}
403 Forbidden
{
"success": false,
"message": "Your account has been deactivated. Please contact admin."
}
500 Internal Server Error
{
"success": false,
"message": "Error during login"
}