Auth

This page describes all endpoint in Auth Controller

GET

Gets the profile of the authenticated user.

get

Responses

200

User profile retrieved successfully

application/json

401

Unauthorized

application/json

get

/auth/me

GET /auth/me HTTP/1.1
Host: 
Accept: */*

{
  "id": 1,
  "email": "user.email@gmail.com",
  "firstName": "John",
  "lastName": "Doe",
  "roles": [
    "User"
  ],
  "isTwoFactorEnable": true,
  "photo": "https://example.com/photo.jpg"
}

POST

post

Body

captchaTokenstringOptionalExample: captcha_token

Responses

200

Successful authentication

application/json

400

Invalid captcha token or authentication failure

application/json

post

/auth/sign-in

POST /auth/sign-in HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 102

{
  "credentials": {
    "email": "user.email@gmail.com",
    "password": "user12345"
  },
  "captchaToken": "captcha_token"
}

{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

post

Body

emailstringOptionalExample: user.email@gmail.com

passwordstringOptionalExample: user12345

firstNamestringOptionalExample: John

lastNamestringOptionalExample: Doe

Responses

201

User successfully registered

application/json

400

Invalid input or user already exists

application/json

403

Account was deleted

application/json

post

/auth/sign-up

POST /auth/sign-up HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 91

{
  "email": "user.email@gmail.com",
  "password": "user12345",
  "firstName": "John",
  "lastName": "Doe"
}

{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

post

Body

tokenstringOptionalExample: google_oauth_token

Responses

200

Successful authentication

application/json

400

To proceed, please sign up.

application/json

post

/auth/google/sign-in

POST /auth/google/sign-in HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "token": "google_oauth_token"
}

{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

post

Body

tokenstringOptionalExample: google_oauth_token

Responses

201

User successfully registered

application/json

400

OAuth provider account already exists

application/json

403

Account was deleted

application/json

post

/auth/google/sign-up

POST /auth/google/sign-up HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 30

{
  "token": "google_oauth_token"
}

{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

post

Body

tokenstringOptionalExample: facebook_oauth_token

Responses

200

Successful authentication

application/json

400

To proceed, please sign up.

application/json

post

/auth/facebook/sign-in

POST /auth/facebook/sign-in HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "token": "facebook_oauth_token"
}

{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

post

Body

tokenstringOptionalExample: facebook_oauth_token

Responses

201

User successfully registered

application/json

400

OAuth provider account already exists

application/json

403

Account was deleted

application/json

post

/auth/facebook/sign-up

POST /auth/facebook/sign-up HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "token": "facebook_oauth_token"
}

{
  "accessToken": "access_token",
  "refreshToken": "refresh_token",
  "isTwoFactorEnable": true
}

Refreshes the access token using a valid refresh token.

post

Body

refreshTokenstringOptionalExample: valid_refresh_token

Responses

200

Tokens refreshed successfully

application/json

401

Unauthorized

application/json

post

/auth/refresh-token

POST /auth/refresh-token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 38

{
  "refreshToken": "valid_refresh_token"
}

{
  "accessToken": "new_access_token",
  "refreshToken": "new_refresh_token",
  "isTwoFactorEnable": true
}

Initiates the password reset process by sending a reset link to the user's email.

post

Body

emailstringOptionalExample: user.email@gmail.com

Responses

200

Password reset link sent successfully

application/json

ResponseanyExample:

{"message":"Password restoration email send","description":"Check your email for further instructions on how to change your password."}

400

User is not registered

application/json

post

/auth/forgot-password

POST /auth/forgot-password HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "email": "user.email@gmail.com"
}

{
  "message": "Password restoration email send",
  "description": "Check your email for further instructions on how to change your password."
}

Validates the restore token to ensure it is still valid and has not expired.

post

Body

tokenstringOptionalExample: valid_restore_token

Responses

200

Token is valid

application/json

ResponseanyExample: true

400

Validation failed

application/json

post

/auth/validate-restore-token

POST /auth/validate-restore-token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "token": "valid_restore_token"
}

true

Validates the invitation token to ensure it is still valid and has not expired.

post

Body

tokenstringOptionalExample: valid_invitation_token

Responses

200

Token is valid

application/json

ResponseanyExample: true

400

Validation failed

application/json

post

/auth/validate-invitation-token

POST /auth/validate-invitation-token HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 34

{
  "token": "valid_invitation_token"
}

true

Restores the user's password using a valid restore token.

post

Body

newPasswordstringRequiredExample: newSecurePassword123

tokenstringRequiredExample: someRandomToken123

Responses

200

Password restored successfully

application/json

ResponseanyExample: {"message":"Password restored successfully","description":"Your password has been changed successfully."}

400

Validation failed

application/json

500

Internal server error

application/json

post

/auth/restore-password

POST /auth/restore-password HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 67

{
  "newPassword": "newSecurePassword123",
  "token": "someRandomToken123"
}

{
  "message": "Password restored successfully",
  "description": "Your password has been changed successfully."
}

Completes the invitation process by setting the user's password and activating the account.

post

Body

newPasswordstringRequired

New password for the user

Example: newSecurePassword123

tokenstringRequired

Token for registration completion

Example: someRandomToken123

firstNamestringRequired

First name of the user

Example: John

lastNamestringRequired

Last name of the user

Example: Doe

Responses

200

Invitation finished successfully

application/json

ResponseanyExample:

{"message":"Invitation finished successfully","description":"Your account has been activated and your password has been set successfully."}

400

Validation failed

application/json

500

Internal server error

application/json

post

/auth/finish-invitation

POST /auth/finish-invitation HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 103

{
  "newPassword": "newSecurePassword123",
  "token": "someRandomToken123",
  "firstName": "John",
  "lastName": "Doe"
}

{
  "message": "Invitation finished successfully",
  "description": "Your account has been activated and your password has been set successfully."
}

Changes the user's active team and returns new tokens for session management.

post

Body

teamIdstringOptionalExample: team_id

Responses

200

Team changed successfully

application/json

400

Invalid team ID

application/json

403

Forbidden. This error occurs when the user want to change the team in demo mode or not a member of that team.

application/json

post

/auth/change-team

POST /auth/change-team HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "teamId": "team_id"
}

{
  "accessToken": "new_access_token",
  "refreshToken": "new_refresh_token",
  "isTwoFactorEnable": true
}

PreviousEndpoints List NextTwo Factor Auth

Last updated 1 year ago

GET

Gets the profile of the authenticated user.

POST

Authenticates a user, verifies their captchaToken, and returns tokens for session management along with their two-factor authentication status.

Registers a new user with email and password and returns tokens for session management.

Authenticates a user using Google OAuth and returns tokens for session management.

Registers a new user using Google OAuth and returns tokens for session management.

Authenticates a user using Facebook OAuth and returns tokens for session management.

Registers a new user using Facebook OAuth and returns tokens for session management.

Refreshes the access token using a valid refresh token.

Initiates the password reset process by sending a reset link to the user's email.

Validates the restore token to ensure it is still valid and has not expired.

Validates the invitation token to ensure it is still valid and has not expired.

Restores the user's password using a valid restore token.

Completes the invitation process by setting the user's password and activating the account.

Changes the user's active team and returns new tokens for session management.