Authentication API Reference
Complete reference for all authentication endpoints
Core Authentication Endpoints
Endpoint | Method | Description | Auth Required |
---|---|---|---|
/api/auth/register | POST | Register new user account | |
/api/auth/login | POST | Authenticate user and get tokens | |
/api/auth/logout | POST | Logout user and blacklist tokens | |
/api/auth/validate | GET | Validate JWT token | |
/api/auth/refresh | POST | Refresh access token | |
/api/auth/me | GET | Get current user data |
Single Sign-On (SSO) Endpoints
Endpoint | Method | Description | Auth Required |
---|---|---|---|
/api/auth/sso/authorize | GET | SSO authorization endpoint | |
/api/auth/sso/token | POST | Get SSO token for authenticated user |
Authentication Flow
Standard Authentication
- User sends credentials to /api/auth/login
- Receive access_token and refresh_token
- Include access_token in Authorization header
- Use refresh_token to get new access_token when expired
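The four steps above as a client, added here as an example and not taken from this API's own code. The request body field names, the shape of the refresh request and response, and the `transport` callable are assumptions; the in-memory server and its tokens are constructed so the block runs offline.

```python
class AuthClient:
    # transport(method, path, headers, body) -> (status, dict): hypothetical offline seam.
    def __init__(self, transport):
        self.transport, self.access_token, self.refresh_token = transport, None, None

    def _send(self, method, path, body=None, auth=True):
        headers = {"Content-Type": "application/json"} if body is not None else {}
        if auth and self.access_token:
            headers["Authorization"] = f"Bearer {self.access_token}"
        return self.transport(method, path, headers, body)

    def login(self, username, password):
        # Assumed body field names; the page does not list them.
        body = {"username": username, "password": password}
        status, data = self._send("POST", "/api/auth/login", body, auth=False)
        if status != 200:
            raise PermissionError(data.get("error", "login failed"))
        self.access_token, self.refresh_token = data["access_token"], data["refresh_token"]

    def _refresh(self):
        # Assumed: refresh_token goes in the JSON body; a new access_token comes back.
        body = {"refresh_token": self.refresh_token}
        status, data = self._send("POST", "/api/auth/refresh", body, auth=False)
        if status != 200:
            self.access_token = self.refresh_token = None  # force a fresh login
            return False
        self.access_token = data["access_token"]
        return True

    def request(self, method, path, body=None):
        status, data = self._send(method, path, body)
        if status == 401 and self.refresh_token and self._refresh():
            status, data = self._send(method, path, body)  # retry once, never loop
        return status, data

def make_fake_server():
    """Constructed in-memory stand-in for the API; all tokens are sample values."""
    state = {"valid": "access-1"}
    creds = {"username": "alice", "password": "constructed-pw"}
    def transport(method, path, headers, body):
        if path == "/api/auth/login" and body == creds:
            return 200, {"access_token": state["valid"], "refresh_token": "refresh-1"}
        if path == "/api/auth/refresh" and body == {"refresh_token": "refresh-1"}:
            state["valid"] = "access-2"
            return 200, {"access_token": state["valid"]}
        if path == "/api/auth/me" and headers.get("Authorization") == f"Bearer {state['valid']}":
            return 200, {"username": "alice"}
        return 401, {"error": "Unauthorized"}
    return transport, state
```

A rejected refresh clears both tokens, so the caller falls back to a new login instead of retrying with a stale pair.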
SSO Authentication
- Redirect user to /api/auth/sso/authorize
- User authenticates (or is already logged in)
- User redirected back with token
- Validate token with /api/auth/validate
Common Headers
Header | Value | Description |
---|---|---|
Content-Type | application/json | Required for POST requests |
Authorization | Bearer {access_token} | Required for authenticated endpoints |
Origin | https://yourapp.com | Required for CORS requests |
Common Error Responses
Status Code | Error | Description |
---|---|---|
400 | Bad Request | Missing required fields or invalid data format |
401 | Unauthorized | Invalid credentials or expired/invalid token |
409 | Conflict | Username or email already exists |
500 | Internal Server Error | Server-side error occurred |
Example Error Response
{
  "error": "Invalid credentials",
  "message": "Username or password is incorrect"
}