Authentication

The Infomaxim API uses JWT (JSON Web Tokens) for authentication. All protected endpoints require a valid JWT access token in the Authorization header.

Authentication Flow

  1. Login with credentials to receive access and refresh tokens
  2. Include access token in Authorization header for subsequent requests
  3. When access token expires (1 hour), use refresh token to obtain a new access token
  4. Refresh tokens are valid for 30 days

Authentication Headers

Authorization: Bearer <your_jwt_access_token>
Content-Type: application/json

POST /auth/login

Authenticates a user and returns JWT tokens for API access.

Request Body

{
  "email": "user@example.com",
  "password": "SecurePass123!",
  "appID": 1
}

Parameters

  • email string required

    User's email address. Must be a valid email format.

  • password string required

    User's password. Minimum 8 characters.

  • appID number required

    Application ID for the Infomaxim instance.

Success Response (200 OK)

{
  "status": "Success",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "id": 123,
      "email": "user@example.com",
      "firstName": "John",
      "lastName": "Doe",
      "role": "admin"
    }
  },
  "datetime": "2024-01-01T12:00:00Z"
}

Example Usage

// JavaScript Example
const response = await fetch('http://localhost:3001/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'SecurePass123!',
    appID: 1
  })
});

const data = await response.json();
const accessToken = data.data.accessToken;

# cURL Example
curl -X POST http://localhost:3001/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePass123!",
    "appID": 1
  }'

POST /auth/sign-up

Registers a new user account.

Request Body

{
  "email": "newuser@example.com",
  "password": "SecurePass123!",
  "firstName": "Jane",
  "lastName": "Smith",
  "appID": 1
}

Parameters

  • email string required

    Email address for the new user. Must be unique.

  • password string required

    Password for the account. Minimum 8 characters with uppercase, lowercase, and number.

  • firstName string required

    User's first name.

  • lastName string required

    User's last name.

  • appID number required

    Application ID for registration.

Success Response (201 Created)

{
  "status": "Success",
  "data": {
    "userId": 124,
    "email": "newuser@example.com",
    "message": "User registered successfully"
  },
  "datetime": "2024-01-01T12:00:00Z"
}

POST /auth/refresh-token

Obtains a new access token using a valid refresh token.

Request Body

{
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Success Response (200 OK)

{
  "status": "Success",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  },
  "datetime": "2024-01-01T12:00:00Z"
}
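
The flow described at the top of this page (send the access token until its 1-hour expiry, then call /auth/refresh-token) can be handled in one place on the client. The following is an added example, not Infomaxim's own code; it assumes the access token carries the standard JWT exp claim, and TokenSession, fetchImpl and skewSeconds are hypothetical names.

```javascript
// Added example, not Infomaxim code. Assumes the access token carries the
// standard JWT "exp" claim; fetchImpl and skewSeconds are hypothetical names.
function jwtExpiry(token) {
  // Decode the payload only to read exp; the signature is NOT verified here.
  const b64 = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64)).exp; // seconds since the Unix epoch
}

class TokenSession {
  constructor(baseUrl, tokens, fetchImpl = fetch, skewSeconds = 60) {
    this.baseUrl = baseUrl;
    this.accessToken = tokens.accessToken;
    this.refreshToken = tokens.refreshToken;
    this.fetchImpl = fetchImpl;
    this.skewSeconds = skewSeconds; // refresh slightly before expiry
    this.pending = null;            // in-flight refresh shared by all callers
  }

  needsRefresh(nowSeconds = Date.now() / 1000) {
    const exp = jwtExpiry(this.accessToken);
    return typeof exp !== 'number' || exp - this.skewSeconds <= nowSeconds;
  }

  refresh() {
    // Single-flight: concurrent requests share one call to the refresh endpoint.
    if (!this.pending) {
      this.pending = this.doRefresh().finally(() => { this.pending = null; });
    }
    return this.pending;
  }

  async doRefresh() {
    const res = await this.fetchImpl(`${this.baseUrl}/auth/refresh-token`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ refreshToken: this.refreshToken })
    });
    // Expired (30 days) or signed-out refresh token: caller must log in again.
    if (!res.ok) throw new Error(`refresh failed: HTTP ${res.status}`);
    const { data } = await res.json();
    this.accessToken = data.accessToken;
    this.refreshToken = data.refreshToken; // keep the one the server returned
  }

  async authHeaders() {
    if (this.needsRefresh()) await this.refresh();
    return { Authorization: `Bearer ${this.accessToken}`, 'Content-Type': 'application/json' };
  }
}
```

Construct it with the `data` object returned by /auth/login and call `await session.authHeaders()` before each protected request.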

POST /auth/sign-out

Logs out the current user and invalidates the refresh token.

Request Headers

Authorization: Bearer <access_token>

Request Body

{
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Success Response (200 OK)

{
  "status": "Success",
  "message": "Logged out successfully",
  "datetime": "2024-01-01T12:00:00Z"
}

Password Reset

POST /auth/request-pass

Initiates a password reset by sending a reset token to the user's email.

{
  "email": "user@example.com",
  "appID": 1
}

POST /auth/reset-pass

Completes the password reset using the token sent via email.

{
  "token": "reset_token_from_email",
  "newPassword": "NewSecurePass123!",
  "appID": 1
}