Authentication API
Complete API reference for user authentication, registration, OAuth flows, and session management in ContentSellify.
Base URL
http://localhost:5000/api/auth
Production: https://api.contentsellify.com/api/auth
Authentication Methods
- JWT Tokens: Bearer token authentication
- HTTP Cookies: Secure session cookies
- OAuth 2.0: Google & GitHub
POST /register
Register a new user with email and password.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Full name (2-50 characters) |
| email | string | Yes | Valid email address |
| password | string | Yes | Minimum 8 characters |
| role | string | Optional | "seller" or "buyer" (default: "buyer") |
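The rules in the table, turned into a server-side validator. This is an added example, not ContentSellify's own code: the field constraints come from the table, and the split between a 400 (required field absent) and a 422 with per-field `details` (field present but failing a rule) follows the Common Error Codes and the 422 response documented on this page. The email regex, the name trimming and the lowercasing of the email are my assumptions.

```javascript
// Added example (not ContentSellify's own code): validates a /register body
// against the table above and returns the error shapes this API documents.
const REQUIRED_FIELDS = ["name", "email", "password"];
const ALLOWED_ROLES = ["seller", "buyer"];
// Assumed shape check only (one "@", no whitespace, a dot in the domain);
// the page does not say how the server validates email addresses.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function validateRegisterBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, status: 400, body: { success: false, error: "Invalid input data" } };
  }

  // Missing required fields are a 400 per the Common Error Codes; values that
  // are present but break a rule are a 422 with per-field details.
  const missing = REQUIRED_FIELDS.filter(
    (k) => body[k] === undefined || body[k] === null || body[k] === ""
  );
  if (missing.length > 0) {
    return {
      ok: false,
      status: 400,
      body: { success: false, error: `Missing required fields: ${missing.join(", ")}` },
    };
  }

  const { name, email, password, role } = body;
  const details = {};
  const trimmedName = typeof name === "string" ? name.trim() : "";
  if (trimmedName.length < 2 || trimmedName.length > 50) {
    details.name = "Name must be 2-50 characters";
  }
  if (typeof email !== "string" || !EMAIL_RE.test(email.trim())) {
    details.email = "Invalid email format";
  }
  if (typeof password !== "string" || password.length < 8) {
    details.password = "Password must be at least 8 characters";
  }
  if (role !== undefined && !ALLOWED_ROLES.includes(role)) {
    details.role = 'Role must be "seller" or "buyer"';
  }
  if (Object.keys(details).length > 0) {
    return { ok: false, status: 422, body: { success: false, error: "Validation failed", details } };
  }

  // Normalised values the handler can pass on; lowercasing the email is an
  // assumption that makes the "Email already registered" check case-insensitive.
  return {
    ok: true,
    value: {
      name: trimmedName,
      email: email.trim().toLowerCase(),
      password,
      role: role === undefined ? "buyer" : role,
    },
  };
}
```

The handler would send `result.status` with `result.body` when `ok` is false, and only hash the password and create the user when `ok` is true.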
Example Request
```bash
curl -X POST http://localhost:5000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Swapnil Shelke",
    "email": "swapnil@example.com",
    "password": "SecurePass123!",
    "role": "seller"
  }'
```
Success Response (201 Created)
```json
{
  "success": true,
  "message": "User registered successfully",
  "data": {
    "user": {
      "id": "507f1f77bcf86cd799439011",
      "name": "Swapnil Shelke",
      "email": "swapnil@example.com",
      "role": "seller",
      "isVerified": false,
      "createdAt": "2024-01-15T10:30:00.000Z"
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}
```
Error Responses
400 Bad Request
```json
{
  "success": false,
  "error": "Email already registered"
}
```
422 Validation Error
```json
{
  "success": false,
  "error": "Validation failed",
  "details": {
    "email": "Invalid email format",
    "password": "Password must be at least 8 characters"
  }
}
```
POST /login
Login with email and password to receive a JWT token.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Registered email address |
| password | string | Yes | User password |
Example Request
```bash
curl -X POST http://localhost:5000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "swapnil@example.com",
    "password": "SecurePass123!"
  }'
```
Success Response (200 OK)
```json
{
  "success": true,
  "message": "Login successful",
  "data": {
    "user": {
      "id": "507f1f77bcf86cd799439011",
      "name": "Swapnil Shelke",
      "email": "swapnil@example.com",
      "role": "seller",
      "isVerified": true
    },
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": "7d"
  }
}
```
Error Responses
401 Unauthorized
```json
{
  "success": false,
  "error": "Invalid email or password"
}
```
GET /me
Get the currently authenticated user's profile.
Headers
```http
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```
Example Request
```bash
curl -X GET http://localhost:5000/api/auth/me \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
```
Success Response (200 OK)
```json
{
  "success": true,
  "data": {
    "user": {
      "id": "507f1f77bcf86cd799439011",
      "name": "Swapnil Shelke",
      "email": "swapnil@example.com",
      "role": "seller",
      "isVerified": true,
      "profile": {
        "avatar": "https://cdn.contentsellify.com/avatars/user123.jpg",
        "bio": "Digital content creator",
        "website": "https://bitforge.in"
      },
      "stats": {
        "totalSales": 150,
        "totalEarnings": 75000,
        "productsListed": 25
      },
      "createdAt": "2024-01-15T10:30:00.000Z"
    }
  }
}
```
Error Response
401 Unauthorized
```json
{
  "success": false,
  "error": "Invalid or expired token"
}
```
GET /google
Initiate Google OAuth 2.0 authentication flow.
Usage
Redirect user to this endpoint to start Google login:
```javascript
window.location.href = 'http://localhost:5000/api/auth/google';
```
Flow
1. User clicks "Continue with Google" button
2. Browser redirects to /api/auth/google
3. Server redirects to Google's OAuth consent screen
4. User authorizes application
5. Google redirects to /api/auth/google/callback
6. Server creates/finds user and issues JWT token
7. User redirected to dashboard with auth cookie
GET /github
Initiate GitHub OAuth 2.0 authentication flow.
Usage
Redirect user to this endpoint to start GitHub login:
```javascript
window.location.href = 'http://localhost:5000/api/auth/github';
```
Flow is identical to Google OAuth. GitHub redirects to /api/auth/github/callback after authorization.
POST /logout
Logout user and invalidate session/token.
Headers
```http
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```
Example Request
```bash
curl -X POST http://localhost:5000/api/auth/logout \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"
```
Success Response (200 OK)
```json
{
  "success": true,
  "message": "Logged out successfully"
}
```
POST /refresh
Refresh an expired JWT token using a refresh token.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| refreshToken | string | Yes | Valid refresh token |
Example Request
```bash
curl -X POST http://localhost:5000/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }'
```
Success Response (200 OK)
```json
{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": "7d"
  }
}
```
🎫 JWT Token Structure
JWT tokens are returned upon successful login/registration. Include them in the Authorization header for protected endpoints.
Token Payload
```json
{
  "userId": "507f1f77bcf86cd799439011",
  "email": "swapnil@example.com",
  "role": "seller",
  "iat": 1705315800,
  "exp": 1705920600
}
```
Using Tokens
Include the JWT in the Authorization header of protected API requests:
```http
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
```
⚠️ Important: Tokens expire after 7 days. Use the refresh endpoint to get a new token without re-authenticating.
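A client helper that puts the payload fields and the refresh endpoint together: it reads `exp` from the token to refresh shortly before expiry, and when a request still comes back 401 it calls POST /refresh once and retries. This is an added example, not ContentSellify's client library. The payload decode does not check the signature and must only drive scheduling; the server is the only party that verifies the token. Where the refresh token comes from is assumed, since the login response on this page shows only `token`; `fetchImpl` is injected so the helper can run against a fake fetch, and `makeUnsignedTestToken` builds constructed, unsigned tokens for exactly that purpose.

```javascript
// Added example (not ContentSellify's own code): expiry-aware token use
// with a single refresh-and-retry on 401.

// Reads the payload (second segment) of a JWT. No signature verification:
// the result is fine for deciding when to refresh, never for trusting claims.
function decodeJwtPayload(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return null;
  }
}

// Refresh when the token is expired or within `skewSeconds` of expiring, so
// a request sent now does not reach the server after exp. Unreadable tokens
// count as needing a refresh.
function needsRefresh(token, nowSeconds = Math.floor(Date.now() / 1000), skewSeconds = 60) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== "number") return true;
  return payload.exp - nowSeconds <= skewSeconds;
}

// Constructed test tokens: header.payload.sig with no real signature, so the
// helper can be exercised offline (real tokens are HS256-signed by the server).
function makeUnsignedTestToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.sig`;
}

function createAuthClient({ baseUrl, token, refreshToken, fetchImpl = globalThis.fetch }) {
  let accessToken = token;

  // POST /refresh as documented above; keeps the old token if it fails.
  async function refresh() {
    const res = await fetchImpl(`${baseUrl}/refresh`, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refreshToken }),
    });
    if (!res.ok) return false;
    const json = await res.json();
    if (!json.success || !json.data || typeof json.data.token !== "string") return false;
    accessToken = json.data.token;
    return true;
  }

  // Sends a request with the Bearer header, refreshing first if the token is
  // (about to be) expired, and retrying exactly once if the server says 401.
  async function request(path, init = {}) {
    if (needsRefresh(accessToken)) await refresh();
    const send = () =>
      fetchImpl(`${baseUrl}${path}`, {
        ...init,
        headers: { ...(init.headers || {}), Authorization: `Bearer ${accessToken}` },
      });
    let res = await send();
    if (res.status === 401 && (await refresh())) res = await send();
    return res;
  }

  return { request, refresh, currentToken: () => accessToken };
}
```

The one-retry limit matters: if the refresh token itself is rejected, the caller gets the 401 back and must send the user through /login again rather than looping on /refresh.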
Common Error Codes
| Code | Error | Description |
|---|---|---|
| 400 | Bad Request | Invalid input data or missing required fields |
| 401 | Unauthorized | Invalid credentials or missing/expired token |
| 403 | Forbidden | Insufficient permissions for requested resource |
| 422 | Validation Error | Request data failed validation rules |
| 500 | Internal Server Error | Unexpected server error occurred |
Need Help with Authentication?
Having trouble integrating authentication? Contact our API support team.