
Authentication API 🔐

All authentication uses JWT tokens. Secure endpoints require an Authorization: Bearer <token> header on the request.

Security Update: The auth endpoints are now protected by an IP Rate Limiter (max 10 requests / 15 minutes) to prevent brute-force attacks. Password strength validation requires a minimum of 8 characters, including at least 1 letter and 1 number.
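The two controls described above, as an added example that is not this API's server code: the password rule as stated, and a limiter allowing 10 requests per 15 minutes per client IP. The fixed-window behaviour, the ASCII-only reading of "letter" and "number", and the names checkPassword, createIpLimiter and simulateBurst are assumptions; the page does not say how the server implements either check.

```javascript
// Added illustration, not the API's own server code.
const WINDOW_MS = 15 * 60 * 1000; // 15 minutes (from the page)
const MAX_REQUESTS = 10;          // per IP per window (from the page)

// Returns the list of policy violations; empty means the password passes.
// Assumption: "letter" and "number" mean ASCII letters and digits.
function checkPassword(password) {
  if (typeof password !== "string") return ["not a string"];
  const problems = [];
  if (password.length < 8) problems.push("fewer than 8 characters");
  if (!/[A-Za-z]/.test(password)) problems.push("no letter");
  if (!/[0-9]/.test(password)) problems.push("no number");
  return problems;
}

// Fixed-window counter per IP (assumption). `now` is injectable for testing.
// In-memory only: a multi-instance deployment needs a shared store and eviction.
function createIpLimiter(now = Date.now) {
  const windows = new Map(); // ip -> { start, count }
  return function hit(ip) {
    const t = now();
    let w = windows.get(ip);
    if (!w || t - w.start >= WINDOW_MS) {
      w = { start: t, count: 0 }; // first request, or previous window expired
      windows.set(ip, w);
    }
    w.count += 1; // rejected requests are counted too
    const allowed = w.count <= MAX_REQUESTS;
    const retryAfterSec = allowed ? 0 : Math.ceil((w.start + WINDOW_MS - t) / 1000);
    return { allowed, remaining: Math.max(0, MAX_REQUESTS - w.count), retryAfterSec };
  };
}

// Constructed scenario: 12 requests from one IP one second apart, then one
// more once the 15-minute window has elapsed.
function simulateBurst(ip = "203.0.113.7") {
  let clock = 0;
  const hit = createIpLimiter(() => clock);
  const outcomes = [];
  for (let i = 0; i < 12; i++) {
    outcomes.push(hit(ip).allowed);
    clock += 1000;
  }
  clock = WINDOW_MS;
  outcomes.push(hit(ip).allowed);
  return outcomes;
}

console.log(simulateBurst().map((ok) => (ok ? "allow" : "block")).join(" "));
```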

1. Login

POST /api/auth/login

{
  "email": "admin@shopvibe.com",
  "password": "Admin@123456"
}

Response: Returns an access token and the user profile, and sets an HTTP-only refresh token cookie.

2. Register

POST /api/auth/register

{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "SecurePassword123"
}

3. Get Current User

GET /api/auth/me (Requires Token)