# Authentication API

The Authentication API handles user registration, login, profile retrieval, and role-based access. All protected endpoints require a JWT Bearer token, which must be included in the request headers as:

```http
Authorization: Bearer <your_token_here>
```

If the token is missing or invalid, the API returns a `401 Unauthorized` response.

## Base URL

```
/api/auth
```

All endpoint paths below are relative to this base URL.
## Endpoints Overview

| Method | Endpoint | Description | Auth Required |
|---|---|---|---|
| POST | /register | Register a new user | No |
| POST | /login | Authenticate an existing user and get a token | No |
| GET | /me | Get details of the logged-in user | Yes |
| POST | /invite-admin | Create a new admin user (admin-only route) | Yes (Admin) |

## 1. Register User

`POST /register`

Registers a new user into the system.

### Request Body

```json
{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "yourpassword"
}
```

### Response (201 Created)

```json
{
  "message": "User registered successfully",
  "user": {
    "_id": "65f93b8c9e9a2d52c3a421de",
    "name": "John Doe",
    "email": "john@example.com",
    "role": "member"
  }
}
```

## 2. Login User

`POST /login`

Authenticates a user and returns the JWT token required for accessing protected endpoints.

### Request Body

```json
{
  "email": "john@example.com",
  "password": "yourpassword"
}
```

### Response (200 OK)

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR...",
  "user": {
    "_id": "65f93b8c9e9a2d52c3a421de",
    "name": "John Doe",
    "email": "john@example.com",
    "role": "member"
  }
}
```

## 3. Get Current Authenticated User

`GET /me`

Returns profile information of the currently logged-in user. This is useful for front-end applications that need to fetch user details after login.

### Headers

```http
Authorization: Bearer <token>
```

### Response (200 OK)

```json
{
  "_id": "65f93b8c9e9a2d52c3a421de",
  "name": "John Doe",
  "email": "john@example.com",
  "role": "member",
  "profileImageUrl": null
}
```

## 4. Invite Admin (Admin Only)

`POST /invite-admin`

Allows an existing admin to create another admin user. The caller's token must belong to a user whose `role` is `admin`; any other authenticated user receives `403`.

### Headers

```http
Authorization: Bearer <admin_token>
```

### Request Body

```json
{
  "name": "Admin Two",
  "email": "admin2@example.com",
  "password": "strongpassword"
}
```

### Response (200 OK)

```json
{
  "message": "Admin user created successfully",
  "user": {
    "_id": "65f93ed19e9323e39f41b234",
    "name": "Admin Two",
    "email": "admin2@example.com",
    "role": "admin"
  }
}
```

## Common Error Responses

| Status | Reason | Example |
|---|---|---|
| 400 | Missing fields | {"message": "Email and password required"} |
| 401 | Invalid or missing token | {"message": "Not authorized"} |
| 403 | User does not have permission | {"message": "Access denied, admin only"} |
| 409 | Email already registered | {"message": "User already exists"} |