Authentication
Endpoints for authentication and session management.
POST /auth/login
Authenticates a user and returns a JWT token.
Request
```bash
POST /api/v1/auth/login
Content-Type: application/x-www-form-urlencoded
```
Body
| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | User email |
| password | string | Yes | Password |
Example
```bash
curl -X POST https://api.gbfiscalai.srv1164291.hstgr.cloud/api/v1/auth/login \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=admin@gbfiscalai.gw&password=admin123"
```
Response 200
```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}
```
Response 401
```json
{
  "detail": "Incorrect email or password"
}
```
GET /auth/me
Returns information about the authenticated user.
Request
```bash
GET /api/v1/auth/me
Authorization: Bearer <token>
```
Example
```bash
curl https://api.gbfiscalai.srv1164291.hstgr.cloud/api/v1/auth/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
```
Response 200
```json
{
  "id": 1,
  "email": "admin@gbfiscalai.gw",
  "full_name": "Administrator",
  "role": "admin",
  "is_active": true,
  "created_at": "2026-01-01T00:00:00Z"
}
```
Response 401
```json
{
  "detail": "Could not validate credentials"
}
```
POST /auth/refresh
Refreshes an expiring JWT token.
Request
```bash
POST /api/v1/auth/refresh
Authorization: Bearer <token>
```
Response 200
```json
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}
```
JWT Token
Structure
The token contains:
```json
{
  "sub": "admin@gbfiscalai.gw",
  "exp": 1736700000,
  "iat": 1736696400
}
```
| Field | Description |
|---|---|
| sub | User email |
| exp | Expiration timestamp |
| iat | Creation timestamp |
Validity Duration
- Standard token: 24 hours
- After expiration: new authentication required
Recommended Storage
- Browser: localStorage or sessionStorage
- Mobile: Secure Storage
- Backend: Environment variable
Security
WARNING
Never expose the token in logs or URLs.
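The token rules above, as an added Python example that is not part of this API's own code: it reads `exp` from the payload to choose between `POST /auth/refresh` and a new login, and replaces token-shaped strings in text before it is logged. The 300-second refresh margin, the signing key, the helper names and the sample token are assumptions constructed for the demonstration.

```python
import base64, hashlib, hmac, json, re

# Three base64url segments; the first starts with "eyJ" (an encoded '{"').
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def read_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying it: a client has no HS256 key,
    so these values are only good for scheduling, never for authorization."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    missing = {"sub", "exp", "iat"} - set(claims)
    if missing:
        raise ValueError(f"missing claims: {sorted(missing)}")
    return claims

def token_state(token: str, now: int, margin: int = 300) -> str:
    """'valid', 'refresh' (call POST /auth/refresh) or 'expired' (log in again)."""
    exp = read_claims(token)["exp"]
    if now >= exp:
        return "expired"
    return "refresh" if now >= exp - margin else "valid"

def redact(text: str) -> str:
    """Replace anything shaped like a JWT before the text reaches a log."""
    return JWT_RE.sub("[REDACTED_JWT]", text)

if __name__ == "__main__":
    tok = make_sample_token({"sub": "user@example.test", "iat": 1736696400, "exp": 1736700000})
    print(token_state(tok, now=1736699800))
    print(redact(f"GET /api/v1/auth/me Authorization: Bearer {tok}"))
```

Attaching `redact` to the logging path (for example in a `logging.Filter`) applies the same substitution to every record without touching call sites.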