Authentication API

Secure user authentication and authorization with JWT tokens

Authentication Overview

Our authentication system uses JWT (JSON Web Tokens) for secure user authentication. All protected endpoints require a valid Bearer token in the Authorization header.

JWT Tokens

Secure, stateless authentication with configurable expiration

Password Security

Bcrypt hashing and secure password reset functionality

Role-Based Access

Fine-grained permissions for different user types

User Registration

Create a new user account with email, username, and password

POST /api/v1/auth/signup

Request Body

{
  "email": "user@example.com",
  "password": "securePassword123",
  "username": "johndoe"
}

cURL Example

curl -X POST "https://api.payment-gateway.com/api/v1/auth/signup" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securePassword123",
    "username": "johndoe"
  }'

Response

{
  "success": true,
  "message": "User registered successfully",
  "data": {
    "user": {
      "id": 1,
      "email": "user@example.com",
      "username": "johndoe",
      "createdAt": "2024-01-15T10:30:00Z"
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

User Login

Authenticate a user with email and password to receive a JWT token

POST /api/v1/auth/login

Request Body

{
  "email": "user@example.com",
  "password": "securePassword123"
}

cURL Example

curl -X POST "https://api.payment-gateway.com/api/v1/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securePassword123"
  }'

Response

{
  "success": true,
  "message": "Login successful",
  "data": {
    "user": {
      "id": 1,
      "email": "user@example.com",
      "username": "johndoe"
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": "24h"
  }
}

Using JWT Tokens

How to include JWT tokens in your API requests

Authorization Header

Include the JWT token in the Authorization header for all protected endpoints:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

cURL Example with Token

curl -X GET "https://api.payment-gateway.com/api/v1/protected-endpoint" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "Content-Type: application/json"

Security Best Practices

Important security considerations for your implementation

Store Tokens Securely

Store JWT tokens in secure storage (httpOnly cookies or secure local storage)

Use HTTPS

Always use HTTPS in production to protect token transmission

Implement Token Refresh

Implement automatic token refresh before expiration
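As an added example (not part of this documentation or its API), a small Python client helper that builds the Bearer header described under Using JWT Tokens and decides when a refresh is due ahead of expiry, as this section recommends. It assumes the token is a standard HS256 JWT carrying an exp claim; the demo signing key, claim names and timestamps are constructed, and since the page defines no refresh endpoint the helper only reports when a refresh should happen.

```python
import base64
import hmac
import hashlib
import json
from typing import Any

# Constructed demo key; the real signing key lives only on the server.
DEMO_SECRET = b"demo-secret-not-the-real-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: dict[str, Any], secret: bytes = DEMO_SECRET) -> str:
    """Build an HS256 JWT (constructed stand-in for the token the login response returns)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def parse_expires_in(value: str) -> int:
    """Convert the login response's "expiresIn" value (e.g. "24h") to seconds."""
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    if not value or value[-1] not in units or not value[:-1].isdigit():
        raise ValueError(f"unrecognised expiresIn: {value!r}")
    return int(value[:-1]) * units[value[-1]]


def token_claims(token: str) -> dict[str, Any]:
    """Read payload claims for scheduling only; the client does not verify the signature, the server does."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    return json.loads(_b64url_decode(parts[1]))


def needs_refresh(token: str, now: float, margin_seconds: int = 300) -> bool:
    """True when the exp claim is within margin_seconds of now, or is missing entirely."""
    exp = token_claims(token).get("exp")
    return exp is None or now >= exp - margin_seconds


def auth_header(token: str) -> dict[str, str]:
    """Header for protected endpoints, exactly as the docs show it."""
    return {"Authorization": f"Bearer {token}"}
```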