
Overview

The platform uses JWT (JSON Web Token) based authentication to secure your account and sessions. All authenticated requests include a Bearer token in the Authorization header.

Sign Up Process

1. Create your account

Navigate to the sign-up page and provide the following required information:
Required Fields:
  • Username: 3-20 characters, letters, numbers, and underscores only
  • Email: Valid email address format
  • Password: Minimum 6 characters
  • Full Name: Your display name (optional but recommended)
The system validates your input in real-time and prevents duplicate usernames or emails.
POST /api/signup
{
  "username": "john_doe",
  "email": "[email protected]",
  "password": "securepass123",
  "full_name": "John Doe"
}
2. Receive your access token

Upon successful registration, you’ll receive:
  • A JWT access token for API authentication
  • Your user profile information
  • Automatic login to the platform
The access token is used for all subsequent authenticated requests.
3. Complete your profile

After signing up, complete your profile by adding:
  • Phone number
  • Years of experience
  • Technical skills
  • Resume (required for interview preparation)
See Profile Setup for detailed instructions.

Login Flow

1. Enter credentials

Provide your username and password at the login page.
POST /api/login
{
  "username": "john_doe",
  "password": "securepass123"
}
2. Receive access token

On successful authentication:
  • JWT token is generated with your user ID
  • Token includes expiration time for security
  • Your session is established
Response:
{
  "success": true,
  "message": "Login successful",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1,
    "username": "john_doe",
    "email": "[email protected]",
    "full_name": "John Doe"
  }
}
3. Use the token

Include the token in all API requests:
Authorization: Bearer <your-token>
The token is automatically validated on each request to protected endpoints.

Password Reset

If you forget your password, you can reset it using the two-step recovery process:
1. Request password reset

Submit your registered email address:
POST /api/forgot-password
{
  "email": "[email protected]"
}
For security, the system always returns a success message regardless of whether the email exists (prevents email enumeration attacks).
2. Check your email

If your email is registered, you’ll receive a password reset link containing a secure token.
Important:
  • The reset token expires in 15 minutes
  • Tokens can only be used once
  • Each new request invalidates previous tokens
3. Set new password

Click the link in your email and enter a new password:
POST /api/reset-password
{
  "token": "<token-from-email>",
  "new_password": "newSecurePass456"
}
Password requirements:
  • Minimum 6 characters
  • Should be unique and not previously used

Session Management

Token Lifecycle

Your JWT token:
  • Is issued upon login or signup
  • Contains your user ID and expiration time
  • Is signed with the HS256 algorithm for security
  • Must be refreshed after expiration

Token Validation

Every protected API endpoint validates your token:
  1. Checks for Authorization: Bearer <token> header
  2. Verifies token signature using the secret key
  3. Checks token expiration
  4. Loads your user data from the database
  5. Attaches user to request context (g.current_user)
Common Error Responses:
// Missing or invalid header
{
  "error": "Missing or invalid Authorization header"
}

// Expired or invalid token
{
  "error": "Invalid or expired token"
}

// User not found
{
  "error": "User not found"
}
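The five validation steps above, written out as an added standard-library Python example; it is not the platform's own code. The names SECRET, USERS, issue, authenticate and the user_id claim are assumptions, and the in-memory dict stands in for the database. It pins the algorithm to HS256 instead of trusting the token header and compares signatures in constant time.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"             # assumption: server-side HS256 key
USERS = {1: {"id": 1, "username": "john_doe"}}  # constructed stand-in for the database

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user_id, ttl=3600, now=None):
    """Mint a token as the login step describes: user ID plus expiration."""
    now = time.time() if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"user_id": user_id, "exp": int(now + ttl)}).encode())
    return f"{head}.{body}.{b64e(sign(f'{head}.{body}'))}"

def authenticate(headers, now=None):
    """Return (user, None) on success or (None, error) using the page's error strings."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):                        # step 1: header present
        return None, "Missing or invalid Authorization header"
    try:
        head, body, sig = auth[len("Bearer "):].split(".")
        # Pin the algorithm: a token claiming "none" or another alg is rejected.
        if json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if not hmac.compare_digest(sign(f"{head}.{body}"), b64d(sig)):
            raise ValueError("bad signature")                 # step 2: signature
        claims = json.loads(b64d(body))
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp <= now:   # step 3: expiration
            raise ValueError("expired or missing exp")
    except (ValueError, TypeError, AttributeError):
        return None, "Invalid or expired token"
    user = USERS.get(claims.get("user_id"))                   # step 4: load user
    if user is None:
        return None, "User not found"
    return user, None          # step 5: a Flask caller would set g.current_user = user
```

Signature and expiry failures deliberately share one error string, matching the page's responses, so a client cannot tell which check rejected the token.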

Security Best Practices

Keep your token secure:
  • Never share your access token
  • Store tokens securely in your client application
  • Log out when using shared devices
  • Request a new token if you suspect compromise
Password reset tokens are stored in the reset_token field of the User model, with an expiration timestamp in reset_token_expiry. Both fields are automatically cleared after a successful password reset.

Next Steps

After authentication:

Complete Profile

Set up your profile with skills and experience

Upload Resume

Upload your resume for personalized interview prep

Start Interview

Begin your first mock interview session

Track Progress

Monitor your improvement over time
