Authentication API
Secure authentication endpoints for your application.
Overview
The Irresistible API provides robust authentication using JWT tokens with secure HTTP-only cookies.
Endpoints
POST /api/auth/signup
Create a new user account.
Request Body:
{
  "email": "user@example.com",
  "username": "johndoe",
  "password": "securepassword123"
}
Response:
{
  "success": true,
  "userId": "user_123",
  "message": "Account created successfully"
}
POST /api/auth/login
Authenticate a user and create a session.
Request Body:
{
  "email": "user@example.com",
  "password": "securepassword123"
}
Response:
{
  "success": true,
  "userId": "user_123"
}
GET /api/auth/me
Get current authenticated user.
Response:
{
  "user": {
    "id": "user_123",
    "email": "user@example.com",
    "username": "johndoe",
    "createdAt": "2024-01-01T00:00:00Z"
  }
}
POST /api/auth/logout
End the current session.
Response:
{
  "success": true,
  "message": "Logged out successfully"
}
OAuth Providers
GitHub OAuth
GET /api/auth/github
Initiate GitHub OAuth flow.
GET /api/auth/github/callback
Handle GitHub OAuth callback.
Security
- Passwords are hashed using Argon2id
- Sessions use secure HTTP-only cookies
- CSRF protection enabled
- Rate limiting on auth endpoints
 
Error Responses
{
  "error": "Invalid credentials",
  "code": "AUTH_INVALID_CREDENTIALS"
}
Common error codes:
- AUTH_INVALID_CREDENTIALS
- AUTH_USER_EXISTS
- AUTH_RATE_LIMITED
- AUTH_INVALID_TOKEN