Overview

You use the authentication API to create accounts, issue tokens, manage profile data, and run OAuth login flows.

Public endpoints

POST /auth/register

Creates a user account.
  • Auth: none
  • Body fields:
    • email (required)
    • password (required, min length 6)
    • confirmPassword (required)
    • name, username, bio, company, location, website, githubUsername, image (optional)

curl -X POST http://localhost:3000/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "alice@example.com",
    "password": "StrongPass123!",
    "confirmPassword": "StrongPass123!",
    "name": "Alice Doe"
  }'

POST /auth/login

Logs a user in with email and password.
  • Auth: none
  • Body fields:
    • email (required)
    • password (required)
    • twoFactorCode (optional)

Expected response includes access and refresh tokens.

POST /auth/refresh

Issues a fresh access token and refresh token pair.
  • Auth: none
  • Body fields:
    • refreshToken (required)

POST /auth/forgot-password

Starts the password reset flow.
  • Auth: none
  • Body fields:
    • email (required)

POST /auth/reset-password

Completes password reset with a reset token.
  • Auth: none
  • Body fields:
    • token (required)
    • newPassword (required)
    • confirmPassword (required)

Protected endpoints

All routes in this section require the header Authorization: Bearer <access_token>.

POST /auth/2fa/setup

Generates a 2FA secret for the current user.

POST /auth/2fa/verify

Verifies a TOTP code and enables 2FA.
  • Body fields:
    • code (required)

POST /auth/2fa/disable

Disables 2FA for the current user.
  • Body fields:
    • code (required)

GET /auth/me

Returns the authenticated user profile.

PATCH /auth/me

Updates profile fields for the authenticated user.
  • Body fields are optional profile fields:
    • email, name, username, bio, company, location, website, githubUsername, image

POST /auth/logout

Returns a stateless logout acknowledgment.

OAuth endpoints

GET /auth/github

Starts GitHub OAuth login.

GET /auth/github/connect

Starts GitHub OAuth account linking for an authenticated user.
  • Auth: Bearer token required
  • Behavior: redirects to /auth/github with connect mode metadata

GET /auth/github/callback

Handles GitHub OAuth callback.
  • Auth: handled by OAuth guard
  • Behavior:
    • Login mode redirects to frontend callback with access and refresh tokens in query params.
    • Connect mode redirects to connected accounts settings with success status.

GET /auth/google

Starts Google OAuth login.

GET /auth/google/callback

Handles Google OAuth callback and redirects to frontend callback URL with tokens.

OAuth callback routes are redirect endpoints. You do not call them manually from client SDK code.
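
The login-mode GitHub callback and the Google callback both deliver the access and refresh tokens in the query string of the frontend callback URL. The following is an added example, not the project's own code, of a frontend callback page that reads the tokens once and scrubs them from the URL. The parameter names `accessToken` and `refreshToken` and the `store` callback are assumptions, since this page does not document them.

```javascript
// Added example. The query parameter names are ASSUMED; this page does not
// document what the callback redirect actually calls them.
const TOKEN_PARAMS = ["accessToken", "refreshToken"];

/**
 * Pure helper: pull the tokens out of a callback URL and return the same URL
 * with the token parameters removed. Other parameters and the hash are kept.
 */
function consumeOAuthCallback(href) {
  const url = new URL(href);
  const tokens = {};
  for (const name of TOKEN_PARAMS) {
    const values = url.searchParams.getAll(name);
    // A missing, empty or duplicated parameter is treated as invalid rather
    // than guessing which value is genuine.
    tokens[name] = values.length === 1 && values[0] !== "" ? values[0] : null;
    // Delete unconditionally so a malformed redirect is scrubbed as well.
    url.searchParams.delete(name);
  }
  const complete = TOKEN_PARAMS.every((name) => tokens[name] !== null);
  return { tokens: complete ? tokens : null, cleanUrl: url.toString() };
}

/**
 * Browser wrapper: rewrite the address bar before anything else runs, so the
 * tokens do not stay in the current history entry or in later Referer headers.
 * `store` is a hypothetical callback that keeps the tokens in memory.
 */
function handleCallbackInBrowser(store) {
  const { tokens, cleanUrl } = consumeOAuthCallback(window.location.href);
  window.history.replaceState(null, "", cleanUrl);
  if (tokens === null) return false; // incomplete redirect: send user to login
  store(tokens);
  return true;
}
```

Call `handleCallbackInBrowser` as the first script on the callback route, before analytics or any third-party script loads, because those can read or report the full URL.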