Intercode SaaS Kit

Auth

This page describes all endpoints in the Auth controller.


Last updated 6 months ago


Gets the profile of the authenticated user.

Responses
200: User profile retrieved successfully (application/json)
401: Unauthorized (application/json)

Request
GET /auth/me HTTP/1.1
Host: 
Accept: */*

Response
{
  "id": 1,
  "email": "user.email@gmail.com",
  "firstName": "John",
  "lastName": "Doe",
  "roles": [
    "User"
  ],
  "isTwoFactorEnable": true,
  "photo": "https://example.com/photo.jpg"
}

Authenticates a user, verifies their captchaToken, and returns tokens for session management along with their two-factor authentication status.

Body
captchaToken (string, optional). Example: captcha_token

Responses
200: Successful authentication (application/json)
400: Invalid captcha token or authentication failure (application/json)

Request
POST /auth/sign-in HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 102

{
  "credentials": {
    "email": "user.email@gmail.com",
    "password": "user12345"
  },
  "captchaToken": "captcha_token"
}

Response
{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Registers a new user with email and password and returns tokens for session management.

Body
email (string, optional). Example: user.email@gmail.com
password (string, optional). Example: user12345
firstName (string, optional). Example: John
lastName (string, optional). Example: Doe

Responses
201: User successfully registered (application/json)
400: Invalid input or user already exists (application/json)
403: Account was deleted (application/json)

Request
POST /auth/sign-up HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 91

{
  "email": "user.email@gmail.com",
  "password": "user12345",
  "firstName": "John",
  "lastName": "Doe"
}

Response
{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Authenticates a user using Google OAuth and returns tokens for session management.

Body
token (string, optional). Example: google_oauth_token

Responses
200: Successful authentication (application/json)
400: To proceed, please sign up. (application/json)

Request
POST /auth/google/sign-in HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "token": "google_oauth_token"
}

Response
{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Registers a new user using Google OAuth and returns tokens for session management.

Body
token (string, optional). Example: google_oauth_token

Responses
201: User successfully registered (application/json)
400: OAuth provider account already exists (application/json)
403: Account was deleted (application/json)

Request
POST /auth/google/sign-up HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "token": "google_oauth_token"
}

Response
{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Authenticates a user using Facebook OAuth and returns tokens for session management.

Body
token (string, optional). Example: facebook_oauth_token

Responses
200: Successful authentication (application/json)
400: To proceed, please sign up. (application/json)

Request
POST /auth/facebook/sign-in HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "token": "facebook_oauth_token"
}

Response
{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Registers a new user using Facebook OAuth and returns tokens for session management.

Body
token (string, optional). Example: facebook_oauth_token

Responses
201: User successfully registered (application/json)
400: OAuth provider account already exists (application/json)
403: Account was deleted (application/json)

Request
POST /auth/facebook/sign-up HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "token": "facebook_oauth_token"
}

Response
{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Refreshes the access token using a valid refresh token.

Body
refreshToken (string, optional). Example: valid_refresh_token

Responses
200: Tokens refreshed successfully (application/json)
401: Unauthorized (application/json)

Request
POST /auth/refresh-token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 38

{
  "refreshToken": "valid_refresh_token"
}

Response
{
  "accessToken": "new_access_token",
  "refreshToken": "new_refresh_token",
  "isTwoFactorEnable": true
}
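
A client for the refresh flow above, as an added example (not the kit's own code): it retries a request once after a 401 by calling POST /auth/refresh-token, and shares a single in-flight refresh between concurrent callers so the same refresh token is not submitted twice. The `AuthSession` class, its `fetchImpl` parameter and the Bearer `Authorization` header are assumptions; the page does not show how the access token is attached to requests.

```javascript
// Added example, not the kit's own client code.
class AuthSession {
  // fetchImpl is injectable so the class can be exercised offline.
  constructor(baseUrl, tokens, fetchImpl = fetch) {
    this.baseUrl = baseUrl;
    this.tokens = tokens;      // { accessToken, refreshToken } from /auth/sign-in
    this.fetchImpl = fetchImpl;
    this.refreshing = null;    // in-flight refresh promise shared by all callers
  }

  // POST /auth/refresh-token. Concurrent callers share one request, so the
  // same refresh token is never submitted twice.
  refresh() {
    if (!this.tokens) return Promise.reject(new Error('not signed in'));
    if (!this.refreshing) {
      this.refreshing = this.fetchImpl(`${this.baseUrl}/auth/refresh-token`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ refreshToken: this.tokens.refreshToken }),
      }).then(async (res) => {
        if (res.status !== 200) {
          this.tokens = null;  // e.g. 401: drop both tokens and force a new sign-in
          throw new Error('session expired');
        }
        const { accessToken, refreshToken } = await res.json();
        this.tokens = { accessToken, refreshToken };  // replace the whole pair
      }).finally(() => { this.refreshing = null; });
    }
    return this.refreshing;
  }

  // Authenticated request: on 401, refresh once and retry once, never loop.
  async request(path, init = {}) {
    if (!this.tokens) throw new Error('not signed in');
    const send = () => this.fetchImpl(`${this.baseUrl}${path}`, {
      ...init,
      // Assumption: the access token is sent as a Bearer Authorization header.
      headers: { ...init.headers, Authorization: `Bearer ${this.tokens.accessToken}` },
    });
    let res = await send();
    if (res.status === 401) {
      await this.refresh();
      res = await send();
    }
    return res;
  }
}
```

Keep the token pair in memory or in storage that page scripts cannot read where possible, and treat a failed refresh as a signed-out state rather than retrying.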

Initiates the password reset process by sending a reset link to the user's email.

Body
email (string, optional). Example: user.email@gmail.com

Responses
200: Password reset link sent successfully (application/json). Response: any. Example: {"message":"Password restoration email send","description":"Check your email for further instructions on how to change your password."}
400: User is not registered (application/json)

Request
POST /auth/forgot-password HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "email": "user.email@gmail.com"
}

Response
{
  "message": "Password restoration email send",
  "description": "Check your email for further instructions on how to change your password."
}

Validates the restore token to ensure it is still valid and has not expired.

Body
token (string, optional). Example: valid_restore_token

Responses
200: Token is valid (application/json). Response: any. Example: true
400: Validation failed (application/json)

Request
POST /auth/validate-restore-token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "token": "valid_restore_token"
}

Response
true

Validates the invitation token to ensure it is still valid and has not expired.

Body
token (string, optional). Example: valid_invitation_token

Responses
200: Token is valid (application/json). Response: any. Example: true
400: Validation failed (application/json)

Request
POST /auth/validate-invitation-token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 34

{
  "token": "valid_invitation_token"
}

Response
true

Restores the user's password using a valid restore token.

Body
newPassword (string, required). Example: newSecurePassword123
token (string, required). Example: someRandomToken123

Responses
200: Password restored successfully (application/json). Response: any. Example: {"message":"Password restored successfully","description":"Your password has been changed successfully."}
400: Validation failed (application/json)
500: Internal server error (application/json)

Request
POST /auth/restore-password HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 67

{
  "newPassword": "newSecurePassword123",
  "token": "someRandomToken123"
}

Response
{
  "message": "Password restored successfully",
  "description": "Your password has been changed successfully."
}

Completes the invitation process by setting the user's password and activating the account.

Body
newPassword (string, required): New password for the user. Example: newSecurePassword123
token (string, required): Token for registration completion. Example: someRandomToken123
firstName (string, required): First name of the user. Example: John
lastName (string, required): Last name of the user. Example: Doe

Responses
200: Invitation finished successfully (application/json). Response: any. Example: {"message":"Invitation finished successfully","description":"Your account has been activated and your password has been set successfully."}
400: Validation failed (application/json)
500: Internal server error (application/json)

Request
POST /auth/finish-invitation HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 103

{
  "newPassword": "newSecurePassword123",
  "token": "someRandomToken123",
  "firstName": "John",
  "lastName": "Doe"
}

Response
{
  "message": "Invitation finished successfully",
  "description": "Your account has been activated and your password has been set successfully."
}

Changes the user's active team and returns new tokens for session management.

Body
teamId (string, optional). Example: team_id

Responses
200: Team changed successfully (application/json)
400: Invalid team ID (application/json)
403: Forbidden. This error occurs when the user wants to change the team in demo mode or is not a member of that team. (application/json)

Request
POST /auth/change-team HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "teamId": "team_id"
}

Response
{
  "accessToken": "new_access_token",
  "refreshToken": "new_refresh_token",
  "isTwoFactorEnable": true
}