
Overview

You use the authentication API to create accounts, issue tokens, manage profile data, and run OAuth login flows.

Public endpoints

POST /auth/register

Creates a user account.
  • Auth: none
  • Body fields:
    • email (required)
    • password (required, min length 6)
    • confirmPassword (required)
    • name, username, bio, company, location, website, githubUsername, image (optional)
curl -X POST http://localhost:3000/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "alice@example.com",
    "password": "StrongPass123!",
    "confirmPassword": "StrongPass123!",
    "name": "Alice Doe"
  }'

POST /auth/login

Logs a user in with email and password.
  • Auth: none
  • Body fields:
    • email (required)
    • password (required)
    • twoFactorCode (optional)
Expected response includes access and refresh tokens.

POST /auth/refresh

Issues a fresh access token and refresh token pair.
  • Auth: none
  • Body fields:
    • refreshToken (required)

POST /auth/forgot-password

Starts the password reset flow.
  • Auth: none
  • Body fields:
    • email (required)

POST /auth/reset-password

Completes password reset with a reset token.
  • Auth: none
  • Body fields:
    • token (required)
    • newPassword (required)
    • confirmPassword (required)

Protected endpoints

All routes below require Authorization: Bearer <access_token>.

POST /auth/2fa/setup

Generates a 2FA secret for the current user.

POST /auth/2fa/verify

Verifies a TOTP code and enables 2FA.
  • Body fields:
    • code (required)

POST /auth/2fa/disable

Disables 2FA for the current user.
  • Body fields:
    • code (required)

GET /auth/me

Returns the authenticated user profile.

PATCH /auth/me

Updates profile fields for the authenticated user.
  • Body fields are optional profile fields:
    • email, name, username, bio, company, location, website, githubUsername, image

POST /auth/logout

Returns a stateless logout acknowledgment. No server-side session state is cleared, so the client is responsible for discarding its access and refresh tokens.
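The endpoints on this page form one token lifecycle: /auth/login issues an access and refresh token pair, protected routes carry the access token as a Bearer header, /auth/refresh rotates the pair, and /auth/logout is stateless. The client below is an added example, not the project's own SDK, and runs offline against a constructed fake server that accepts each access token for exactly one request so the refresh path is exercised. It assumes, since this page does not state them, JSON response fields named accessToken and refreshToken and an HTTP 401 when an access token is no longer accepted.

```javascript
// Added example, not the project's own SDK. It walks through the token
// lifecycle described on this page: POST /auth/login returns access and
// refresh tokens, protected routes send "Authorization: Bearer <access_token>",
// an expired access token is renewed once via POST /auth/refresh, and because
// POST /auth/logout is stateless the client clears its own tokens. Assumed,
// as this page does not state them: JSON fields named accessToken and
// refreshToken, and HTTP 401 when an access token is no longer accepted.
class AuthClient {
  constructor(baseUrl, fetchImpl) {   // fetch is injected so the demo runs offline
    this.baseUrl = baseUrl;
    this.fetch = fetchImpl;
    this.accessToken = null;
    this.refreshToken = null;
  }

  send(method, path, body, withAuth) {
    const headers = {};
    const init = { method, headers };
    if (withAuth) headers.Authorization = `Bearer ${this.accessToken}`;
    if (body !== undefined) {
      headers['Content-Type'] = 'application/json';
      init.body = JSON.stringify(body);
    }
    return this.fetch(this.baseUrl + path, init);
  }

  async login(email, password, twoFactorCode) {
    const body = { email, password };
    if (twoFactorCode) body.twoFactorCode = twoFactorCode;   // optional field
    const res = await this.send('POST', '/auth/login', body, false);
    if (res.status !== 200) throw new Error(`login failed: HTTP ${res.status}`);
    ({ accessToken: this.accessToken, refreshToken: this.refreshToken } = await res.json());
  }

  // /auth/refresh issues a fresh access AND refresh token: the old refresh
  // token is replaced, never reused.
  async refresh() {
    const res = await this.send('POST', '/auth/refresh', { refreshToken: this.refreshToken }, false);
    if (res.status !== 200) throw new Error('refresh failed; user must log in again');
    ({ accessToken: this.accessToken, refreshToken: this.refreshToken } = await res.json());
  }

  // Authenticated call with a single retry after refreshing on 401.
  async request(method, path, body) {
    let res = await this.send(method, path, body, true);
    if (res.status === 401 && this.refreshToken) {
      await this.refresh();
      res = await this.send(method, path, body, true);
    }
    return res;
  }

  me() { return this.request('GET', '/auth/me').then((r) => r.json()); }

  async logout() {
    await this.request('POST', '/auth/logout', {});
    this.accessToken = null;    // stateless logout: the server revokes nothing,
    this.refreshToken = null;   // so forgetting the tokens is the client's job
  }
}

// Constructed fake server for the offline demo. Each access token is accepted
// for exactly one request, which forces the 401 -> refresh -> retry path.
function makeFakeServer() {
  let n = 0;
  const liveAccess = new Set();
  const liveRefresh = new Set();
  const reply = (status, obj) => ({ status, json: async () => obj });
  const issue = () => {
    n += 1;
    liveAccess.add(`at-${n}`);
    liveRefresh.add(`rt-${n}`);
    return { accessToken: `at-${n}`, refreshToken: `rt-${n}` };
  };
  return async (url, init) => {
    const path = new URL(url).pathname;
    const body = init.body ? JSON.parse(init.body) : {};
    if (path === '/auth/login') {
      return body.password === 'StrongPass123!' ? reply(200, issue()) : reply(401, {});
    }
    if (path === '/auth/refresh') {
      return liveRefresh.delete(body.refreshToken) ? reply(200, issue()) : reply(401, {});
    }
    const bearer = (init.headers.Authorization || '').replace(/^Bearer /, '');
    if (!liveAccess.delete(bearer)) return reply(401, {});
    if (path === '/auth/me') return reply(200, { email: 'alice@example.com' });
    if (path === '/auth/logout') return reply(200, { ok: true });
    return reply(404, {});
  };
}

// Login, a protected call, a transparent refresh on the next call, then logout.
async function demo() {
  const client = new AuthClient('http://localhost:3000', makeFakeServer());
  await client.login('alice@example.com', 'StrongPass123!');
  const firstAccess = client.accessToken;      // at-1
  await client.me();                           // consumes at-1
  const profile = await client.me();           // 401 -> refresh -> retried with at-2
  const rotated = client.accessToken !== firstAccess;
  await client.logout();                       // 401 -> refresh -> at-3, then cleared
  return { email: profile.email, rotated, loggedOut: client.accessToken === null };
}
```

Against the real API, pass the platform's fetch as fetchImpl. The one-retry design matters: a client that loops on 401 turns a revoked refresh token into an unbounded retry storm, whereas this client surfaces the failure and requires a new login.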

OAuth endpoints

GET /auth/github

Starts GitHub OAuth login.

GET /auth/github/connect

Starts GitHub OAuth account linking for an authenticated user.
  • Auth: Bearer token required
  • Behavior: redirects to /auth/github with connect mode metadata

GET /auth/github/callback

Handles GitHub OAuth callback.
  • Auth: handled by OAuth guard
  • Behavior:
    • Login mode redirects to frontend callback with access and refresh tokens in query params.
    • Connect mode redirects to connected accounts settings with success status.

GET /auth/google

Starts Google OAuth login.

GET /auth/google/callback

Handles Google OAuth callback and redirects to frontend callback URL with tokens.
OAuth callback routes are redirect endpoints. You do not call them manually from client SDK code.
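The callback routes redirect to a frontend URL that carries the tokens as query parameters, and a browser records that URL in history and may send it onward in Referer headers. As an added example that is not the project's frontend code, the block below shows the receiving page reading the tokens once, handing them to the app, and rewriting the URL so they do not linger. It assumes, since this page does not name them, that the parameters are called accessToken and refreshToken.

```javascript
// Added example, not the project's frontend code. The frontend callback URL
// that GET /auth/github/callback and GET /auth/google/callback redirect to
// receives the tokens as query parameters, which a browser records in history
// and may send onward in Referer headers. The receiving page should read them
// once, hand them to the app, and rewrite the URL so they do not linger.
// Assumed, as this page does not name them: the parameters are called
// accessToken and refreshToken.
function readOAuthCallback(href) {
  const url = new URL(href);
  const accessToken = url.searchParams.get('accessToken');
  const refreshToken = url.searchParams.get('refreshToken');
  if (!accessToken || !refreshToken) {
    return { ok: false, error: 'missing token parameters', cleanUrl: href };
  }
  url.searchParams.delete('accessToken');
  url.searchParams.delete('refreshToken');
  return { ok: true, accessToken, refreshToken, cleanUrl: url.toString() };
}

// Browser entry point: `win` is the window object (a fake is passed in the
// offline check) and onTokens decides where the app keeps the tokens.
function handleOAuthCallback(win, onTokens) {
  const result = readOAuthCallback(win.location.href);
  if (!result.ok) return false;
  onTokens(result.accessToken, result.refreshToken);
  // Replace the current history entry so the token-bearing URL is not kept.
  win.history.replaceState(null, '', result.cleanUrl);
  return true;
}
```

In a real page the call is handleOAuthCallback(window, store) from the callback route's script; the onTokens callback keeps the storage decision (in-memory, a worker, or a cookie set by a backend-for-frontend) out of the parsing code.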