User Login
POST /auth/login
Main endpoint for user authentication.

Typical Flow:
- The client sends a valid email and password
- The server verifies the credentials against the database
- If correct, it returns a JWT token and user information
- The token must be included in the Authorization header of subsequent requests

Usage Examples:
- Login from a web or mobile application
- Authentication to access protected resources
- Obtaining a token to consume other API endpoints

Important Notes:
- The password must be a minimum of 6 characters
- The returned access token is valid for 24 hours
- After 3 failed attempts, the account is temporarily locked for 15 minutes
- The token must be sent in subsequent requests as:
  Authorization: Bearer {token}

Common Error Codes:
- 401: Invalid credentials or user not found
- 423: Account locked due to multiple failed attempts
- 403: User deactivated or lacking permissions
Request
Responses
- 200: Successful authentication
- 401: Unauthorized - Invalid or missing authentication
- 423: Account temporarily locked
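
The lockout and status-code rules above, modelled as an added example (not this API's own code) that can be used to check a server implementation against the documented behaviour. `LoginGate` and `hash_pw` are hypothetical names. Assumptions not stated on the page: PBKDF2 for password storage, the third failure still returns 401 and the next attempt returns 423, a success resets the counter, and the JWT itself is left out (only its expiry time is returned).

```python
import hashlib, hmac, os, time

MAX_FAILS = 3            # page: lock after 3 failed attempts
LOCK_SECONDS = 15 * 60   # page: lock lasts 15 minutes
TOKEN_TTL = 24 * 3600    # page: access token valid for 24 hours

def hash_pw(password, salt):
    # Assumption: PBKDF2 stands in for whatever password hashing the real server uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    """Hypothetical in-memory model of the POST /auth/login decision."""
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so the lock window can be tested
        self.users = {}             # email -> (salt, hash, active)
        self.fails = {}             # email -> consecutive failed attempts
        self.locked_until = {}      # email -> unix time the lock ends

    def add_user(self, email, password, active=True):
        salt = os.urandom(16)
        self.users[email] = (salt, hash_pw(password, salt), active)

    def login(self, email, password):
        """Return (status, token_expiry); token_expiry is None unless status is 200."""
        now = self.clock()
        if self.locked_until.get(email, 0) > now:
            return 423, None        # locked: the password is not even checked
        salt, stored, active = self.users.get(email, (b"\0" * 16, b"", False))
        # Always hash, so an unknown email costs the same work as a known one.
        ok = hmac.compare_digest(hash_pw(password, salt), stored)
        if not ok:
            # Failures are counted per email, known or not, so neither 401 nor
            # 423 tells the caller whether the account exists.
            self.fails[email] = self.fails.get(email, 0) + 1
            if self.fails[email] >= MAX_FAILS:
                self.locked_until[email] = now + LOCK_SECONDS
                self.fails[email] = 0
            return 401, None        # same code for bad password and unknown user
        self.fails.pop(email, None) # assumption: a success resets the counter
        if not active:
            return 403, None        # deactivated user, checked after the password
        return 200, now + TOKEN_TTL
```

Because the lock is keyed on the email, anyone who knows an address can keep that account locked; pairing it with per-client rate limiting is a common complement.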