# Authentication Endpoints

## Sign In

Sign in with email and password to receive an authentication token.

`POST /api/user/signin`

**Request Body**

```json
{
  "email": "user@example.com",
  "password": "userpassword",
  "PlatformId": "123"
}
```

**Response**

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1,
    "email": "user@example.com",
    "name": "John Doe",
    "role": "user",
    "status": "active"
  }
}
```

**Error Responses**

401 Unauthorized:

```json
{
  "error": "Invalid credentials"
}
```

400 Bad Request:

```json
{
  "error": "Email and password are required"
}
```
## OTP Authentication

Request a one-time password for authentication.

`POST /api/user/signin-otp`

**Request Body**

```json
{
  "email": "user@example.com",
  "PlatformId": "123"
}
```

**Response**

```json
{
  "message": "OTP sent successfully",
  "expiresIn": 300
}
```

`expiresIn` is given in seconds.
## Verify OTP

Verify the one-time password and receive an authentication token.

`POST /api/user/verify-otp`

**Request Body**

```json
{
  "email": "user@example.com",
  "otp": "123456",
  "PlatformId": "123"
}
```

**Response**

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": 1,
    "email": "user@example.com",
    "name": "John Doe",
    "role": "user",
    "status": "active"
  }
}
```
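Server-side handling behind the `signin-otp` and `verify-otp` endpoints, written here as an added example and not the project's own code: a store that issues a code with the documented 300-second `expiresIn`, keeps only a hash of it, compares in constant time, makes it single-use and caps verification attempts. The 6-digit code length, the attempt cap and the in-memory store are assumptions, not documented behaviour.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_TTL_SECONDS = 300      # the "expiresIn": 300 returned by /api/user/signin-otp
MAX_VERIFY_ATTEMPTS = 5    # assumed cap per issued code; the page does not state one


@dataclass
class OtpRecord:
    digest: bytes      # SHA-256 of the code, so a leaked store does not leak codes
    expires_at: float
    attempts: int = 0


class OtpStore:
    """In-memory backing store for signin-otp / verify-otp (assumed design; clock is injectable)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._records: dict[tuple[str, str], OtpRecord] = {}

    @staticmethod
    def _digest(key: tuple[str, str], code: str) -> bytes:
        # Bind the hash to email and PlatformId so a code cannot be replayed across platforms
        return hashlib.sha256(f"{key[0]}|{key[1]}|{code}".encode()).digest()

    def issue(self, email: str, platform_id: str) -> tuple[str, int]:
        """Create a fresh 6-digit code (assumed length); it goes to the delivery channel, never the API response."""
        code = f"{secrets.randbelow(10**6):06d}"
        key = (email.lower(), platform_id)
        self._records[key] = OtpRecord(self._digest(key, code), self._clock() + OTP_TTL_SECONDS)
        return code, OTP_TTL_SECONDS

    def verify(self, email: str, platform_id: str, code: str) -> bool:
        """True exactly once for the live code; expired, exhausted or wrong codes fail."""
        key = (email.lower(), platform_id)
        rec = self._records.get(key)
        if rec is None:
            return False
        if self._clock() > rec.expires_at:
            del self._records[key]          # past expiresIn: the code is dead
            return False
        rec.attempts += 1
        if rec.attempts > MAX_VERIFY_ATTEMPTS:
            del self._records[key]          # too many guesses: force a new signin-otp
            return False
        ok = hmac.compare_digest(rec.digest, self._digest(key, code))
        if ok:
            del self._records[key]          # single use
        return ok
```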
## Sign Out

Invalidate the current authentication token.

`POST /api/user/signout`

**Headers**

```
token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```

**Response**

```json
{
  "message": "Successfully signed out"
}
```
## Check Authentication Status

Check whether the current token is valid and return the associated user's information.

`GET /api/user/status`

**Headers**

```
token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```

**Response**

```json
{
  "authenticated": true,
  "user": {
    "id": 1,
    "email": "user@example.com",
    "name": "John Doe",
    "role": "user",
    "status": "active"
  }
}
```
## Password Management

### Request Password Reset

`POST /api/user/forgot-password`

**Request Body**

```json
{
  "email": "user@example.com",
  "PlatformId": "123"
}
```

**Response**

```json
{
  "message": "Password reset instructions sent"
}
```

### Reset Password

`POST /api/user/reset-password`

**Request Body**

```json
{
  "token": "reset-token",
  "password": "newpassword"
}
```

**Response**

```json
{
  "message": "Password successfully reset"
}
```
## Error Codes

| Status Code | Description |
|---|---|
| 400 | Bad Request - Invalid parameters |
| 401 | Unauthorized - Invalid credentials |
| 403 | Forbidden - Insufficient permissions |
| 404 | Not Found - User not found |
| 429 | Too Many Requests - Rate limit exceeded |
| 500 | Internal Server Error |

## Rate Limiting

- Authentication endpoints are rate-limited to 5 requests per minute per IP
- Password reset requests are limited to 3 attempts per hour per email
- Failed login attempts are tracked and may trigger account lockouts