Authentication
Categories
Login
curl --request POST \
--url https://api.example.com/auth/login \
--header 'Content-Type: application/json' \
--data '
{
"email": "<string>",
"password": "<string>"
}
'{
"message": "<string>",
"data": {
"email": "<string>",
"first_name": "<string>",
"role": "<string>",
"token": "<string>"
}
}Authentication
Login
Authenticate a user and receive a JWT token
POST
/
auth
/
login
Login
curl --request POST \
--url https://api.example.com/auth/login \
--header 'Content-Type: application/json' \
--data '
{
"email": "<string>",
"password": "<string>"
}
'{
"message": "<string>",
"data": {
"email": "<string>",
"first_name": "<string>",
"role": "<string>",
"token": "<string>"
}
}Overview
Validates user credentials (email and password) and returns a JSON Web Token (JWT) for authenticated API requests. The token expires after 1 hour by default.Request
Body Parameters
User’s email address used for authentication
User’s password in plain text (will be compared against hashed password in database)
Request Example
cURL
curl -X POST https://api.marsai.com/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "producer@example.com",
"password": "securePassword123"
}'
JavaScript
const response = await fetch('https://api.marsai.com/auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
email: 'producer@example.com',
password: 'securePassword123'
})
});
const data = await response.json();
console.log(data.data.token);
Response
Success Response (200)
Returns user information and authentication token.Success message: “Connexion réussie”
Show data properties
Show data properties
User’s email address
User’s first name
User’s role in the platform (e.g., “PRODUCER”, “ADMIN”, “JURY”)
JWT authentication token. Include this in the Authorization header for protected routes.Token payload contains:
id: User ID (id_user)role: User roleexpiresIn: Token expiration time (default 1 hour)
Example Response
{
"message": "Connexion réussie",
"data": {
"email": "producer@example.com",
"first_name": "John",
"role": "PRODUCER",
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
}
Error Responses
401 Unauthorized
Invalid credentials providedThis error occurs when:
{
"error": "Identifiants invalides"
}
- Email does not exist in the database
- Password does not match the hashed password
500 Internal Server Error
Server error during authentication processThis error occurs when:
{
"error": "Erreur serveur"
}
- Database connection fails
- Password comparison operation fails
Implementation Details
Authentication Flow
- User Lookup: Searches for user by email in the database (
User.findOne({ where: { email } })) - Password Verification: Compares provided password with stored hash using bcrypt (
comparePassword(password, user.password)) - Token Generation: Creates JWT with user ID and role using
jsonwebtokenlibrary - Response: Returns user information and token
Source Code Reference
Implementation:back/src/controllers/AuthController.js:20-60
function login(req, res) {
const { email, password } = req.body;
User.findOne({ where: { email } }).then((user) => {
if (!user) {
return res.status(401).json({ error: "Identifiants invalides" });
}
comparePassword(password, user.password).then((isMatch) => {
if (!isMatch) {
return res.status(401).json({ error: "Identifiants invalides" });
}
const token = jwt.sign(
{ id: user.id_user, role: user.role },
process.env.JWT_SECRET,
{ expiresIn: process.env.JWT_EXPIRES_IN || "1h" }
);
const responseData = {
message: "Connexion réussie",
data: {
email: user.email,
first_name: user.first_name,
role: user.role,
token,
}
};
return res.status(200).json(responseData);
});
});
}
Using the Token
Include the token in the Authorization header for authenticated requests:curl -X GET https://api.marsai.com/user/profile \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
⌘I
Assistant
Responses are generated using AI and may contain mistakes.