Auth

Endpoints

POST /api/auth/signup

Body

Field	Type	Required	Description
`username`	string	Yes	Min. 3 characters
`email`	string	Yes	Valid email
`password`	string	Yes	Min. 6 characters
`referralCode`	string	No	Optional referral code

Response — 201 Created

{
  "user": { "id": 1, "username": "john", "email": "john@example.com" },
  "accessToken": "eyJ..."
}

POST /api/auth/login

Body

Field	Type	Required	Description
`email`	string	Yes	Email or username
`password`	string	Yes	—

Response — 200 OK

{
  "user": { "id": 1, "username": "john", "email": "john@example.com" },
  "accessToken": "eyJ..."
}

Logout

POST /api/auth/logout

Clears session cookies. No body required.

Refresh Token

POST /api/auth/refresh

Uses the HTTP-only refresh token cookie to issue a new access token. Response — 200 OK

{ "accessToken": "eyJ..." }

Check Auth Status

GET /api/auth/check

Returns the current authenticated user, or 401 if not authenticated.

Forgot Password

POST /api/auth/forgot-password

Body

Field	Type	Required
`email`	string	Yes

Sends a password reset link to the provided email.

OAuth — Google

GET /api/auth/google/url         # Get Google OAuth redirect URL
GET /api/auth/google/callback    # OAuth callback (handled by Google redirect)

OAuth — Twitter

GET /api/auth/twitter/url        # Get Twitter OAuth redirect URL
GET /api/auth/twitter/callback   # OAuth callback (handled by Twitter redirect)

Getting Started

API Reference

Architecture

Endpoints

Logout

Refresh Token

Check Auth Status

Forgot Password

OAuth — Google

OAuth — Twitter

Getting Started

API Reference

Architecture

​Endpoints

​Sign Up

​Login

​Logout

​Refresh Token

​Check Auth Status

​Forgot Password

​OAuth — Google

​OAuth — Twitter

Endpoints

Sign Up

Login

Logout

Refresh Token

Check Auth Status

Forgot Password

OAuth — Google

OAuth — Twitter