Authentication APIs

Complete reference for authentication and authorization endpoints.

POST /api/auth/login

Authenticates a user and returns a JWT token.

Request Body

{
  "username": "john@example.com",  // Email or username
  "password": "securePassword123"
}

Response (200 OK)

{
  "success": true,
  "message": "Login successful",
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "uuid",
    "username": "john",
    "email": "john@example.com",
    "name": "John Doe",
    "organization": "Acme Corp",
    "aws_region": "eu-north-1",
    "role": "admin",
    "is_active": true,
    "created_at": "2024-01-01T00:00:00Z",
    "updated_at": "2024-01-01T00:00:00Z",
    "last_login": "2024-01-10T12:00:00Z"
  }
}

Error Responses

// 400 Bad Request
{
  "success": false,
  "message": "Username and password are required"
}

// 401 Unauthorized
{
  "success": false,
  "message": "Invalid username or password"
}

GET /api/auth/validate

Validates an existing JWT token and returns user information.

Request Headers

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Response (200 OK)

{
  "success": true,
  "message": "Token is valid",
  "user": {
    "id": "uuid",
    "username": "john",
    "email": "john@example.com",
    "name": "John Doe",
    "role": "admin",
    ...
  }
}

Error Responses

// 401 Unauthorized
{
  "success": false,
  "message": "No token provided"
}

// 401 Unauthorized
{
  "success": false,
  "message": "Invalid or expired token"
}
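As an added example that is not this API's own code, the server-side logic behind the responses above: an HS256 JWT (the page's token prefix eyJhbGciOiJIUzI1NiIs... is exactly that header) minted with the 24-hour lifetime noted under Best Practices, then validated by pinning the algorithm, comparing the signature in constant time and checking expiry before any claim is trusted. The secret, the claim names and the helper functions are assumptions; the page does not show the implementation.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

SECRET = b"constructed-demo-secret"   # placeholder; the service's real signing key is not on the page
TOKEN_LIFETIME = 24 * 3600            # the 24-hour lifetime the Best Practices section states
EXPIRED = {"success": False, "message": "Invalid or expired token"}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header_b64: str, payload_b64: str) -> bytes:
    return hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()

def issue_token(user: dict, now: Optional[int] = None) -> str:
    """Mint the JWT returned by POST /api/auth/login (claim names are assumed)."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user["id"], "role": user["role"], "iat": now, "exp": now + TOKEN_LIFETIME}
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header, payload))}"

def validate(authorization: Optional[str], now: Optional[int] = None) -> tuple:
    """Logic behind GET /api/auth/validate: returns (status, body) as documented above."""
    now = int(time.time()) if now is None else now
    if not authorization or not authorization.startswith("Bearer "):
        return 401, {"success": False, "message": "No token provided"}
    parts = authorization[len("Bearer "):].split(".")
    if len(parts) != 3:
        return 401, EXPIRED
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm and verify the signature (constant time) before reading any claim
        if header.get("alg") != "HS256" or not hmac.compare_digest(
                sign(header_b64, payload_b64), b64url_decode(sig_b64)):
            return 401, EXPIRED
        claims = json.loads(b64url_decode(payload_b64))
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return 401, EXPIRED
    except (ValueError, TypeError, AttributeError):
        return 401, EXPIRED   # malformed base64/JSON gets the same answer as a bad signature
    user = {"id": claims.get("sub"), "role": claims.get("role")}   # a real service would load the full record
    return 200, {"success": True, "message": "Token is valid", "user": user}
```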

POST /api/auth/logout

Logs out the current user. The client should delete the stored token.

Response (200 OK)

{
  "success": true,
  "message": "Logged out"
}

GET /api/auth/aws-credentials

Admin/Super Admin only. Retrieves masked AWS credentials and example API calls.

Response (200 OK)

{
  "success": true,
  "credentials": {
    "region": "eu-north-1",
    "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
    "secretAccessKey": "wJal****************************KEYX",
    "endpoint": "https://bedrock-runtime.eu-north-1.amazonaws.com/model/...",
    "authMethod": "AWS Signature Version 4",
    "curlExample": "curl -X POST ...",
    "nodeExample": "// Node.js example...",
    "pythonExample": "# Python example..."
  }
}

GET /api/auth/nvidia-credentials

Admin/Super Admin only. Retrieves masked NVIDIA API key and example API calls.

Response (200 OK)

{
  "success": true,
  "credentials": {
    "apiKey": "nvap************************************xxxx",
    "baseUrl": "https://integrate.api.nvidia.com",
    "endpoint": "https://integrate.api.nvidia.com/v1/chat/completions",
    "curlExample": "curl -X POST ...",
    "nodeExample": "// Node.js example...",
    "pythonExample": "# Python example..."
  }
}

💡 Authentication Best Practices

  • Always use HTTPS in production
  • Store tokens securely (localStorage or httpOnly cookies)
  • Include the Bearer prefix in the Authorization header
  • Handle token expiration gracefully (24-hour lifetime)
  • Clear tokens on logout