Overview
The authentication system uses JWT (JSON Web Tokens) for API access. All protected endpoints require a valid JWT in the Authorization header:
Authorization: Bearer <your_jwt_token>
Tokens expire after 24 hours and must be refreshed by logging in again.
Sign Up
curl -X POST https://api.yourapp.com/api/signup \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "email": "[email protected]",
    "password": "secure123",
    "full_name": "John Doe"
  }'
Create a new user account.
Request fields:
  username: 3-20 characters, alphanumeric and underscores only
  password: minimum 6 characters
Response fields:
  success: whether registration was successful
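An added example (not the project's own code) of enforcing the Sign Up rules above on the server, so that a bad body produces the 400 validation error listed under Error Responses instead of reaching the database. The function names, the constructed user id and the 200 status for success are assumptions; the page only shows the success body.

```python
import re
from typing import Dict, List, Tuple

# Page rules: username 3-20 characters, alphanumeric and underscores only; password >= 6 chars.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")
MIN_PASSWORD_LEN = 6
REQUIRED_FIELDS = ("username", "email", "password", "full_name")


def validate_signup(body: dict) -> List[str]:
    """Return a list of validation errors; an empty list means the body is acceptable."""
    errors = []
    for field in REQUIRED_FIELDS:
        value = body.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field} is required")
    username = body.get("username")
    # fullmatch, not search/match with '$': '$' would accept a trailing newline.
    if isinstance(username, str) and username and not USERNAME_RE.fullmatch(username):
        errors.append("username must be 3-20 characters, alphanumeric and underscores only")
    password = body.get("password")
    if isinstance(password, str) and len(password) < MIN_PASSWORD_LEN:
        errors.append(f"password must be at least {MIN_PASSWORD_LEN} characters")
    return errors


def signup(body: dict, next_id: int = 123) -> Tuple[int, Dict]:
    """Hypothetical handler: 400 with the validation errors, or the page's success body."""
    errors = validate_signup(body)
    if errors:
        return 400, {"error": "; ".join(errors)}
    user = {
        "id": next_id,  # constructed id; a real handler gets this from the user store
        "username": body["username"],
        "email": body["email"],
        "full_name": body["full_name"],
    }
    return 200, {"success": True, "message": "Registration successful", "user": user}


if __name__ == "__main__":
    print(signup({"username": "johndoe", "email": "user@example.com",
                  "password": "secure123", "full_name": "John Doe"}))
```

The username check uses `fullmatch` deliberately: a pattern anchored with `$` still matches "johndoe\n", and a stray newline in an identifier tends to surface later in log lines and e-mail headers.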
Success Response
{
  "success": true,
  "message": "Registration successful",
  "user": {
    "id": 123,
    "username": "johndoe",
    "email": "[email protected]",
    "full_name": "John Doe"
  }
}
Login
curl -X POST https://api.yourapp.com/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "password": "secure123"
  }'
Authenticate and receive a JWT token.
Request fields:
  username: 3-20 characters
Response fields:
  success: whether login was successful
  token: JWT access token (valid for 24 hours)
  user: authenticated user details
Success Response
{
  "success": true,
  "message": "Login successful",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 123,
    "username": "johndoe",
    "email": "[email protected]",
    "full_name": "John Doe"
  }
}
Logout
curl -X POST https://api.yourapp.com/api/logout \
  -H "Authorization: Bearer <your_token>"
End the current session.
{
  "message": "Logged out successfully"
}
Forgot Password
curl -X POST https://api.yourapp.com/api/forgot-password \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'
Request a password reset link. A secure token is generated and emailed to the user (expires in 15 minutes).
Response fields:
  success: always true (to prevent email enumeration)
{
  "success": true,
  "message": "If that email is registered, you'll receive a reset link shortly."
}
This endpoint always returns success to prevent email enumeration attacks.
Reset Password
curl -X POST https://api.yourapp.com/api/reset-password \
  -H "Content-Type: application/json" \
  -d '{
    "token": "secure_reset_token_here",
    "new_password": "newSecurePass123"
  }'
Reset password using the token from the email link.
Request fields:
  token: reset token from email (48-character secure token)
  new_password: new password (minimum 6 characters)
Response fields:
  success: whether password reset was successful
Success Response
{
  "success": true,
  "message": "Password updated successfully. You can now log in."
}
An error response is returned for an expired token and for an invalid token.
Reset tokens are single-use and expire after 15 minutes.
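The Forgot Password and Reset Password sections together describe one flow; the following is an added example of that flow and is not the project's own code. It produces a 48-character token from a CSPRNG, stores only a hash of it with a 15-minute expiry, returns the identical "If that email is registered" body whether or not the address exists, and consumes the token on first use so it cannot be replayed. The in-memory stores, the mail outbox, the sample address user@example.com, the PBKDF2 password storage and the 401 status for a bad token are all assumptions.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional, Tuple

RESET_TTL = 15 * 60   # page: reset links expire in 15 minutes
TOKEN_CHARS = 48      # page: 48-character secure token

# Constructed stand-ins for the user table, the reset-token table and the mailer.
USERS: Dict[str, dict] = {"user@example.com": {"id": 123, "password_hash": None}}
RESET_TOKENS: Dict[str, dict] = {}   # sha256(token) -> {"user_id", "expires"}
OUTBOX: List[dict] = []              # each entry is a mail that would have been sent

NEUTRAL_REPLY = {"success": True,
                 "message": "If that email is registered, you'll receive a reset link shortly."}
BAD_TOKEN_REPLY = (401, {"error": "Invalid or expired token"})


def _hash_token(token: str) -> str:
    # Only the hash is stored, so a leaked reset-token table cannot be used directly.
    return hashlib.sha256(token.encode()).hexdigest()


def _hash_password(password: str, salt: Optional[bytes] = None) -> str:
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def generate_reset_token() -> str:
    """48 hex characters from the OS CSPRNG (24 random bytes)."""
    return secrets.token_hex(TOKEN_CHARS // 2)


def forgot_password(email: str, now: Optional[float] = None) -> Tuple[int, dict]:
    """Always the same status and body; the branch only decides whether a mail goes out."""
    now = time.time() if now is None else now
    user = USERS.get(email)
    if user is not None:
        token = generate_reset_token()
        RESET_TOKENS[_hash_token(token)] = {"user_id": user["id"], "expires": now + RESET_TTL}
        OUTBOX.append({"to": email, "token": token})
    return 200, dict(NEUTRAL_REPLY)


def reset_password(token: str, new_password: str, now: Optional[float] = None) -> Tuple[int, dict]:
    now = time.time() if now is None else now
    if len(new_password) < 6:   # page: minimum 6 characters
        return 400, {"error": "new_password must be at least 6 characters"}
    if len(token) != TOKEN_CHARS:
        return BAD_TOKEN_REPLY
    # pop() makes the token single-use: even an expired token is removed on first presentation.
    entry = RESET_TOKENS.pop(_hash_token(token), None)
    if entry is None or now >= entry["expires"]:
        return BAD_TOKEN_REPLY
    user = next(u for u in USERS.values() if u["id"] == entry["user_id"])
    user["password_hash"] = _hash_password(new_password)
    # Any other outstanding reset tokens for this account are now void as well.
    for h, e in list(RESET_TOKENS.items()):
        if e["user_id"] == entry["user_id"]:
            del RESET_TOKENS[h]
    return 200, {"success": True, "message": "Password updated successfully. You can now log in."}


def check_password(email: str, password: str) -> bool:
    """What the Login endpoint would call after a reset; constant-time compare of the hashes."""
    user = USERS.get(email)
    if user is None or user["password_hash"] is None:
        return False
    salt_hex, _ = user["password_hash"].split("$")
    candidate = _hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, user["password_hash"])


if __name__ == "__main__":
    print(forgot_password("user@example.com"))
    print(reset_password(OUTBOX[-1]["token"], "newSecurePass123"))
    print(check_password("user@example.com", "newSecurePass123"))
```

Two details carry most of the security value: the forgot-password handler builds its reply before it knows whether the address exists, which is what makes the "always true" behaviour on this page hold, and the reset handler removes the token from the store before checking its expiry, so a token can be presented exactly once regardless of outcome.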
Get Profile
Retrieve the authenticated user’s profile information.
Response
User profile object with all fields (username, email, full_name, skills, etc.)
Update Profile
Update the authenticated user’s profile information.
Request Body
Response
{
  "success": true,
  "message": "Profile updated successfully"
}
Error Responses
All authentication endpoints may return these error codes:
Status Code  Description
400          Bad request (validation error)
401          Unauthorized (invalid credentials or expired token)
500          Internal server error
Example Error Response
{
  "error": "Invalid or expired token"
}