Authentication Service API

The Authentication Service handles user registration, login, and account management operations.

Endpoints

Create a new user account with organization.

curl -X POST {{baseUrl}}/api/auth/signup \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "first_name": "John",
    "last_name": "Doe",
    "password": "SecurePassword123!"
  }'

Endpoint: POST /api/auth/signup Request Body:

Field	Type	Required	Description
`email`	string	Yes	User’s email address
`first_name`	string	Yes	User’s first name
`last_name`	string	Yes	User’s last name
`password`	string	Yes	User’s password (must meet security requirements)

Response:

Field	Type	Description
`id`	string (UUID)	The user’s unique identifier
`email`	string	User’s email address
`first_name`	string	User’s first name
`last_name`	string	User’s last name

Authenticate a user and receive an access token.

curl -X POST {{baseUrl}}/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePassword123!"
  }'

Endpoint: POST /api/auth/login Request Body:

Field	Type	Required	Description
`email`	string	Yes	User’s email address
`password`	string	Yes	User’s password

Response:

Field	Type	Description
`access_token`	string	JWT token to be used for authenticated requests
`token_type`	string	The type of token (always “bearer”)

curl -X POST {{baseUrl}}/api/auth/signup_invite \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "John",
    "last_name": "Doe",
    "password": "SecurePassword123!",
    "invite_token": "valid-invitation-token"
  }'

Endpoint: POST /api/auth/signup_invite Request Body:

Field	Type	Required	Description
`first_name`	string	Yes	User’s first name
`last_name`	string	Yes	User’s last name
`password`	string	Yes	User’s password
`invite_token`	string	Yes	The invitation token received via email

Response:

Field	Type	Description
`id`	string (UUID)	The user’s unique identifier
`email`	string	User’s email address (from invitation)
`first_name`	string	User’s first name
`last_name`	string	User’s last name
`access_token`	string	JWT token for authentication

Error Responses

Status Code	Description
400	Bad Request - Invalid input or validation error
401	Unauthorized - Invalid credentials
409	Conflict - User already exists
422	Unprocessable Entity - Input validation failed
500	Internal Server Error - Server-side error

Authentication

Most endpoints in this service do not require authentication, as they are used for the authentication process itself. The exceptions are:

Password reset endpoints may require a valid reset token
Account management endpoints may require a valid JWT token

Implementation Notes

Passwords are securely hashed using SHA-256
JWT tokens have a configurable expiration time
Failed login attempts are rate-limited to prevent brute force attacks

🎯 Welcome

🚀 Getting Started

💡 Core Concepts

🏗️ Platform Architecture

🔐 Security & Auth

📡 API Reference

🛠️ Development Guides

🚨 Troubleshooting

Authentication Service API

Endpoints

Error Responses

Authentication

Implementation Notes

🎯 Welcome

🚀 Getting Started

💡 Core Concepts

🏗️ Platform Architecture

🔐 Security & Auth

📡 API Reference

🛠️ Development Guides

🚨 Troubleshooting

​Endpoints

​Sign Up

​Login

​Sign Up via Invitation

​Error Responses

​Authentication

​Implementation Notes

Endpoints

Sign Up

Login

Sign Up via Invitation

Error Responses

Authentication

Implementation Notes