Skip to content

Authentication

Jump to bottom
Charles Leon edited this page Mar 25, 2019 · 15 revisions

Authentication

Protected API endpoints rely on JSON Web Tokens (JWT) for authentication. You can supply your JWT through the Authorization header with the value format bearer <JWT Token>. Any method marked as Protected will require this header or you will receive a 401 Unauthorized HTTP status code.

POST /auth/register

  • Allows users to sign up using a username and password. This api returns a JWT for reaching protected endpoints
* Params: {
    email: String | Required // Must be valid email format
    password: String | Required // Must meet password reqs (1+ upper, 1+ lower, 1+ number)
}
* Return: {
    error: bool
    message: String 
    data: { | Optional
        token: String // This is the JWT token which should be saved for later requests
    }
}

POST /auth/login

  • Allows users to sign in using their registered username and password
* Params: {
    email: String | Required // Must be valid email format
    password: String | Required
}
* Return: {
    error: bool
    message: String 
    data: { | Optional
        token: String // This is the JWT token which should be saved for later requests
    }
}

GET /auth/secret

  • Protected
  • For testing purposes only
  • Returns success message if accessed with a valid JWT
* Params: Null
* Return: String

POST /auth/forgot_password

  • Send the user an email with a link to reset their password
* Params: {
    email: String | Required
}
* Return: {
    error: bool
    message: String 
}

PUT /auth/reset_password

  • Calling this endpoint using the reset token sent in the email will allow a user to change their password.
* Params: {
    password: String | Required // Must meet the password reqs (1+ upper, 1+ lower, 1+ number)
    confirm_password | Required // Must match password
    token: | Required 
}
* Return: {
    error: bool
    message: String 
}

Password Reset Implementation

When the user requests to reset their password have a field to enter their email. Then hit POST /auth/forgot_password with the email input to have a reset link sent to them. The reset link will point to <application url>/reset_password/<token>. This url is where you should have the form for the user to input their new password. They must enter a new password and a confirmation which will then be sent along with the token to PUT /auth/reset_password. Lastly you will receive the results of the password update which you can display to the users.

Clone this wiki locally