Authentication (API)
Bearer token
For protected endpoints, send this header:
http
Authorization: Bearer <access_token>Obtaining a token
POST /auth/login (or /api/v1/auth/login — prefix depends on your environment) body:
json
{ "email": "[email protected]", "password": "********" }On success, the response returns accessToken and user.
Invalid session
- 401: Token missing, expired, or invalid
- The client usually clears the session and redirects to the sign-in page
Profile
GET /auth/profile or GET /users/me — richer user + organization payload (varies by backend)
Path prefix
Paths in this documentation are examples. Align the real API prefix (/api/v1, etc.) with your backend and gateway configuration.
Next: Auth endpoints