Login

Endpoint: POST /auth/login

Description: Authenticates a user with an email address and password.

Headers:

  • Content-Type: application/json

Request Body:

{
  "email": "string (required, valid email)",
  "password": "string (required, min 8 chars)"
}

Success Response (200):

{
  "success": true,
  "data": {
    "_id": "507f1f77bcf86cd799439011",
    "username": "johndoe",
    "name": "John Doe",
    "email": "john@example.com",
    "avatar": "default.jpg",
    "createdAt": "2023-01-01T00:00:00.000Z",
    "updatedAt": "2023-01-01T00:00:00.000Z"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Cookies Set:

  • accessToken (HttpOnly, Secure, SameSite=None, 1 hour expiry)

  • refreshToken (HttpOnly, Secure, SameSite=None, 30 days expiry)
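
An added example (not part of the original API documentation): a Node.js check that audits the Set-Cookie headers of a login response against the attributes listed above. The function names, the Max-Age/Expires encoding, the 60-second tolerance and the sample headers are assumptions constructed for illustration.

```javascript
// Documented lifetimes from the "Cookies Set" list; how the server encodes them is an assumption.
const EXPECTED = {
  accessToken: { maxAgeSeconds: 60 * 60 },            // 1 hour
  refreshToken: { maxAgeSeconds: 30 * 24 * 60 * 60 }, // 30 days
};

// Parse one Set-Cookie header value into { name, value, attrs } with lower-cased attribute names.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Return a list of findings; an empty list means the cookies match the documentation.
function auditLoginCookies(setCookieHeaders, now = Date.now(), toleranceSeconds = 60) {
  const findings = [];
  const seen = new Map(setCookieHeaders.map((h) => { const c = parseSetCookie(h); return [c.name, c]; }));
  for (const [name, { maxAgeSeconds }] of Object.entries(EXPECTED)) {
    const c = seen.get(name);
    if (!c) { findings.push(`${name}: cookie not set`); continue; }
    if (!c.attrs.httponly) findings.push(`${name}: missing HttpOnly`);
    if (!c.attrs.secure) findings.push(`${name}: missing Secure`);
    if (String(c.attrs.samesite).toLowerCase() !== 'none') findings.push(`${name}: SameSite is not None`);
    // Max-Age takes precedence over Expires when both are present (RFC 6265).
    let lifetime = null;
    if (c.attrs['max-age'] !== undefined) lifetime = Number(c.attrs['max-age']);
    else if (c.attrs.expires !== undefined) lifetime = (Date.parse(c.attrs.expires) - now) / 1000;
    if (lifetime === null || Number.isNaN(lifetime)) findings.push(`${name}: session cookie, no expiry`);
    else if (Math.abs(lifetime - maxAgeSeconds) > toleranceSeconds) findings.push(`${name}: lifetime ${Math.round(lifetime)}s, expected ${maxAgeSeconds}s`);
  }
  return findings;
}

// Constructed sample headers (not captured from a real server).
const SAMPLE_OK = [
  'accessToken=aaa.bbb.ccc; Max-Age=3600; Path=/; HttpOnly; Secure; SameSite=None',
  'refreshToken=ddd.eee.fff; Max-Age=2592000; Path=/; HttpOnly; Secure; SameSite=None',
];
const SAMPLE_WEAK = [
  'accessToken=aaa.bbb.ccc; Max-Age=86400; Path=/; Secure; SameSite=Lax',
];
console.log(auditLoginCookies(SAMPLE_OK), auditLoginCookies(SAMPLE_WEAK));
```

This audit covers the cookie channel only: the accessToken and refreshToken values in the JSON response body are readable by the calling script regardless of the cookie flags.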

Error Responses:

401 Unauthorized:

{
  "success": false,
  "message": "Invalid email or password."
}

422 Validation Error:

{
  "success": false,
  "message": "Validation failed",
  "errors": {
    "email": "Please provide a valid email"
  }
}