AUTH
JWT-based
Authentication
Endpoint for JWT token authentication using AWS Cognito.
# POST /auth/login
Authenticate with email and password through AWS Cognito to obtain a JWT token.
⚠️ Rate Limiting
This endpoint is rate limited: a maximum of 10 attempts per minute per IP.
POST /auth/login

Request Body:
```json
{
  "email": "user@example.com",
  "password": "your_password"
}
```

cURL Example:
```bash
$ curl -X POST https://www.api.livraria.ro/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "your_password"
  }'
```

Success Response (200 OK):
```json
{
  "success": true,
  "data": {
    "accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "refreshToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "user": {
      "id": 123,
      "email": "user@example.com",
      "name": "Ion Popescu",
      "isBusiness": false
    }
  },
  "message": "Login successful"
}
```

Error Responses:
401 Unauthorized - Invalid credentials:
```json
{
  "success": false,
  "message": "Invalid credentials"
}
```

400 Bad Request - User not confirmed:
```json
{
  "success": false,
  "message": "User account not confirmed. Please check your email."
}
```

400 Bad Request - Too many requests:
```json
{
  "success": false,
  "message": "Too many login attempts. Please try again later."
}
```

# Using the JWT Token
For all authenticated requests, send the JWT token in the Authorization header.
HEADER
```
Authorization: Bearer <accessToken>
```

Example of an authenticated request:
```bash
$ curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \
  -H "Content-Type: application/json" \
  https://www.api.livraria.ro/user/profile
```

💡 Important note
- The JWT token expires after the time specified in `expiresIn`
- To renew it, you can use the refresh token directly with AWS Cognito
- No /logout endpoint is needed; deleting the token from the client is sufficient
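
An added example, not part of the original documentation: a client-side handler for the POST /auth/login responses shown above. It tells the two 400 errors apart by their message text, converts `expiresIn` into an absolute expiry time, and builds the Authorization header. The names `LoginError`, `Session` and `parse_login_response`, the 30-second skew and the 60-second retry delay are assumptions.

```python
import json
import time
from dataclasses import dataclass

# Messages copied from the page's error responses. Both 400 cases share a
# status code, so the message text is the only way to tell them apart.
NOT_CONFIRMED = "User account not confirmed. Please check your email."
RATE_LIMITED = "Too many login attempts. Please try again later."

class LoginError(Exception):
    def __init__(self, kind, retry_after=None):
        super().__init__(kind)
        self.kind = kind                # invalid_credentials | not_confirmed | rate_limited | unexpected
        self.retry_after = retry_after  # seconds to wait before another attempt

@dataclass
class Session:
    access_token: str
    refresh_token: str
    expires_at: float  # absolute epoch seconds, computed from expiresIn

    def is_expired(self, now=None, skew=30):
        # Assumption: expire 30 s early to absorb clock drift and latency.
        now = time.time() if now is None else now
        return now >= self.expires_at - skew

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token}"}

def parse_login_response(status, body, now=None):
    """Map the status and raw JSON body of POST /auth/login to a Session."""
    now = time.time() if now is None else now
    doc = json.loads(body)
    if status == 200 and doc.get("success") is True:
        data = doc["data"]
        if data.get("tokenType") != "Bearer":
            raise LoginError("unexpected")
        return Session(data["accessToken"], data["refreshToken"],
                       now + int(data["expiresIn"]))
    message = doc.get("message", "")
    if status == 401:
        raise LoginError("invalid_credentials")
    if status == 400 and message == RATE_LIMITED:
        # Assumption: the 10-per-minute limit resets after a full minute.
        raise LoginError("rate_limited", retry_after=60)
    if status == 400 and message == NOT_CONFIRMED:
        raise LoginError("not_confirmed")
    raise LoginError("unexpected")
```

Once `is_expired()` returns true, obtain a new access token with the refresh token before sending further authenticated requests.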