# Auth Rail

Authentication, session management, and MFA.
## Overview

The Auth Rail provides endpoints for user authentication, session management, multi-factor authentication, and password management.
## Base URL

`/api/v1/auth`

## Endpoints

### Login

`POST /api/v1/auth/login`

Authenticate user and create session.
Request Body:

```json
{
  "email": "user@example.com",
  "password": "********",
  "rememberMe": true
}
```

Response:

```json
{
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIs...",
    "refreshToken": "dGhpcyBpcyBhIHJlZnJl...",
    "tokenType": "Bearer",
    "expiresIn": 3600,
    "user": {
      "id": "user_123",
      "email": "user@example.com",
      "name": "Ahmad Abdullah",
      "roles": ["admin"]
    },
    "mfaRequired": false
  }
}
```

### Refresh Token

`POST /api/v1/auth/refresh`

Refresh access token.
Request Body:

```json
{
  "refreshToken": "dGhpcyBpcyBhIHJlZnJl..."
}
```

### Logout

`POST /api/v1/auth/logout`

Invalidate session.
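The login, refresh and logout endpoints above form one exchange. The following Python model is an added example, not code from the Auth Rail project: an in-memory stand-in for the server (`FakeAuthRail`) and a client (`SessionClient`) that treats `expiresIn` as seconds (3600 matches the one-hour access token in the Token Types table) and refreshes shortly before the access token lapses instead of waiting for a 401. The server internals, the opaque token format, the 7-day refresh lifetime taken from the Token Types table, and the class names are assumptions for illustration.

```python
"""Added example (not part of the Auth Rail docs): login -> refresh -> logout,
modelled with an in-memory server stand-in so it runs offline."""
import secrets
import time

ACCESS_TTL = 3600            # seconds; "Access Token | 1 hour"
REFRESH_TTL = 7 * 24 * 3600  # seconds; "Refresh Token | 7 days"


class FakeAuthRail:
    """In-memory stand-in for POST /login, /refresh and /logout (assumed behaviour)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}  # refreshToken -> {"user": email, "refresh_exp": epoch seconds}
        self.access = {}    # accessToken -> {"session": refreshToken, "exp": epoch seconds}
        # Constructed sample user; plaintext only because this is a stand-in,
        # a real server compares against a password hash
        self.users = {"user@example.com": "correct horse battery"}

    def _issue_access(self, refresh_token):
        token = secrets.token_urlsafe(32)  # opaque token; the docs show a JWT
        self.access[token] = {"session": refresh_token, "exp": self.clock() + ACCESS_TTL}
        return {"accessToken": token, "refreshToken": refresh_token,
                "tokenType": "Bearer", "expiresIn": ACCESS_TTL}

    def login(self, body):
        if self.users.get(body["email"]) != body["password"]:
            return 401, {"error": "invalid_credentials"}
        refresh_token = secrets.token_urlsafe(32)
        self.sessions[refresh_token] = {"user": body["email"],
                                        "refresh_exp": self.clock() + REFRESH_TTL}
        data = self._issue_access(refresh_token)
        data["mfaRequired"] = False  # a real server sets True when Verify MFA must follow
        return 200, {"data": data}

    def refresh(self, body):
        sess = self.sessions.get(body["refreshToken"])
        if sess is None or sess["refresh_exp"] <= self.clock():
            return 401, {"error": "invalid_refresh_token"}
        return 200, {"data": self._issue_access(body["refreshToken"])}

    def logout(self, access_token):
        entry = self.access.pop(access_token, None)
        if entry is None:
            return 401, {"error": "invalid_token"}
        # "Invalidate session": the refresh token and every access token on it die together
        self.sessions.pop(entry["session"], None)
        self.access = {t: a for t, a in self.access.items() if a["session"] != entry["session"]}
        return 204, {}

    def authorized(self, access_token):
        """What a resource endpoint would check before serving a request."""
        entry = self.access.get(access_token)
        return entry is not None and entry["exp"] > self.clock()


class SessionClient:
    """Client that refreshes before `expiresIn` elapses instead of reacting to a 401."""

    REFRESH_MARGIN = 60  # seconds before expiry at which a refresh is triggered

    def __init__(self, api, clock=time.time):
        self.api, self.clock = api, clock
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _store(self, data):
        self.access_token = data["accessToken"]
        self.refresh_token = data["refreshToken"]
        self.expires_at = self.clock() + data["expiresIn"]  # expiresIn is in seconds

    def login(self, email, password):
        """Return the `mfaRequired` flag; when True the caller must run Verify MFA next."""
        status, body = self.api.login({"email": email, "password": password, "rememberMe": True})
        if status != 200:
            raise PermissionError(body["error"])
        self._store(body["data"])
        return body["data"]["mfaRequired"]

    def bearer(self):
        """Return an Authorization header value, refreshing the access token if needed."""
        if self.clock() >= self.expires_at - self.REFRESH_MARGIN:
            status, body = self.api.refresh({"refreshToken": self.refresh_token})
            if status != 200:
                raise PermissionError("session expired; log in again")
            self._store(body["data"])
        return f"Bearer {self.access_token}"

    def logout(self):
        self.api.logout(self.access_token)
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0
```

Because logout invalidates the session rather than one token, the stand-in also drops every access token issued on that session and rejects later refreshes with its refresh token; a client that only forgets its local copy of the tokens has not ended the session.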
### Register

`POST /api/v1/auth/register`

Register new user.
Request Body:

```json
{
  "email": "newuser@example.com",
  "password": "SecureP@ss123",
  "name": "New User",
  "tenantId": "tenant_123"
}
```

### Verify Email

`POST /api/v1/auth/verify-email`

Verify email address.
Request Body:

```json
{
  "token": "verification_token_here"
}
```

### Forgot Password

`POST /api/v1/auth/forgot-password`

Request password reset.
Request Body:

```json
{
  "email": "user@example.com"
}
```

### Reset Password

`POST /api/v1/auth/reset-password`

Reset password with token.
Request Body:

```json
{
  "token": "reset_token_here",
  "password": "NewSecureP@ss123"
}
```

### Change Password

`POST /api/v1/auth/change-password`

Change current user password.
Request Body:

```json
{
  "currentPassword": "OldP@ss123",
  "newPassword": "NewSecureP@ss123"
}
```

### Setup MFA

`POST /api/v1/auth/mfa/setup`

Set up multi-factor authentication.
Request Body:

```json
{
  "method": "TOTP"
}
```

Response:

```json
{
  "data": {
    "secret": "JBSWY3DPEHPK3PXP",
    "qrCode": "data:image/png;base64,...",
    "backupCodes": ["12345678", "87654321", "..."]
  }
}
```

### Verify MFA

`POST /api/v1/auth/mfa/verify`

Verify MFA code during login.
Request Body:

```json
{
  "code": "123456",
  "trustDevice": true
}
```

### Get Sessions

`GET /api/v1/auth/sessions`

List active sessions.
### Revoke Session

`DELETE /api/v1/auth/sessions/:sessionId`

Revoke a specific session.
## MFA Methods

| Method | Description |
|---|---|
| TOTP | Time-based OTP (Google Authenticator) |
| SMS | SMS OTP |
| Email OTP | |
| HARDWARE | Hardware key (FIDO2) |
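As an added example (not the Auth Rail project's code), the following Python shows what a server does with the base32 `secret` returned by Setup MFA and the `code` submitted to Verify MFA for the TOTP method: RFC 6238 TOTP (HMAC-SHA1, 6 digits, 30-second steps) with a one-step tolerance for clock drift, rejection of a code reused for a step that already succeeded, and single-use handling of the `backupCodes`. The step size, tolerance, replay rule, backup-code storage and the `MfaVerifier` class are assumptions; the page documents only the request and response shapes.

```python
"""Added example (not part of the Auth Rail docs): verifying a TOTP `code`
against the `secret` from Setup MFA, plus single-use backup codes."""
import base64
import hashlib
import hmac
import struct
import time

STEP = 30      # seconds per TOTP step (assumed; the common default)
DIGITS = 6     # matches the 6-digit "code" in the Verify MFA request
TOLERANCE = 1  # accept the previous and next step to absorb clock drift (assumed)


def hotp(secret_b32, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32, at, step=STEP):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, int(at) // step)


class MfaVerifier:
    """Per-user MFA state: TOTP secret, last accepted step, hashed backup codes."""

    def __init__(self, secret_b32, backup_codes):
        self.secret = secret_b32
        self.last_step = -1
        # Backup codes are stored hashed, never in clear. SHA-256 keeps the example
        # short; short numeric codes deserve a slow hash (scrypt/PBKDF2) in production.
        self.backup_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in backup_codes}

    def verify_totp(self, code, now=None):
        """Accept a code for the current step or its neighbours, each step at most once."""
        if not (code.isdigit() and len(code) == DIGITS):
            return False
        now = time.time() if now is None else now
        current = int(now) // STEP
        for step in range(current - TOLERANCE, current + TOLERANCE + 1):
            if hmac.compare_digest(hotp(self.secret, step), code):
                if step <= self.last_step:
                    return False  # replay: this step (or an older one) was already used
                self.last_step = step
                return True
        return False

    def verify_backup_code(self, code):
        """Constant-time match against the stored hashes; a matched code is consumed."""
        digest = hashlib.sha256(code.encode()).hexdigest()
        for stored in list(self.backup_hashes):
            if hmac.compare_digest(stored, digest):
                self.backup_hashes.discard(stored)  # single use
                return True
        return False
```

The replay check matters because a code stays valid for the whole 30-second step (longer with the tolerance): without remembering the last accepted step, a code observed once can be submitted again by someone else within that window.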
## Token Types

| Type | Lifetime | Use Case |
|---|---|---|
| Access Token | 1 hour | API requests |
| Refresh Token | 7 days | Token refresh |
| ID Token | 1 hour | User identity |
## Events

| Event | Description |
|---|---|
| auth.login.success | Successful login |
| auth.login.failed | Failed login attempt |
| auth.logout | User logged out |
| auth.password.changed | Password changed |
| auth.mfa.enabled | MFA enabled |
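An added example (not part of the Auth Rail docs) of detection logic over the events above: it reads newline-delimited JSON event records, raises an alert when one account accumulates five `auth.login.failed` events inside five minutes, when an `auth.login.success` follows such a burst, and when one source IP fails against three distinct accounts in the window (password spraying). The record fields (`ts`, `email`, `ip`), the thresholds and the sample events are constructed for the example; the page specifies only the event names.

```python
"""Added example (not part of the Auth Rail docs): sliding-window detection over
auth.login.failed / auth.login.success events."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # sliding window (assumed threshold)
MAX_FAILURES = 5               # failures per account inside WINDOW (assumed)
SPRAY_ACCOUNTS = 3             # distinct accounts one IP may fail against (assumed)

# Constructed sample events, one JSON record per line; the field names are assumed
SAMPLE_EVENTS = """\
{"event": "auth.login.failed", "ts": "2024-05-01T10:00:01Z", "email": "user@example.com", "ip": "203.0.113.7"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:00:20Z", "email": "user@example.com", "ip": "203.0.113.7"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:00:45Z", "email": "user@example.com", "ip": "203.0.113.7"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:01:10Z", "email": "user@example.com", "ip": "203.0.113.7"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:01:30Z", "email": "user@example.com", "ip": "203.0.113.7"}
{"event": "auth.login.success", "ts": "2024-05-01T10:01:55Z", "email": "user@example.com", "ip": "203.0.113.7"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:02:00Z", "email": "alice@example.com", "ip": "198.51.100.9"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:02:05Z", "email": "bob@example.com", "ip": "198.51.100.9"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:02:10Z", "email": "carol@example.com", "ip": "198.51.100.9"}
{"event": "auth.login.failed", "ts": "2024-05-01T10:03:00Z", "email": "dave@example.com", "ip": "192.0.2.5"}
{"event": "auth.login.success", "ts": "2024-05-01T10:03:20Z", "email": "dave@example.com", "ip": "192.0.2.5"}
"""


def parse_events(text):
    """Parse newline-delimited JSON records into dicts with an aware datetime `ts`."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def _expire(q, now):
    """Drop entries that fell out of the sliding window."""
    while q and now - q[0][0] > WINDOW:
        q.popleft()


def detect(events):
    """Return alerts in time order; types are bruteforce, success_after_burst, spray."""
    by_account = defaultdict(deque)  # email -> deque of (ts, ip) for failures
    by_ip = defaultdict(deque)       # ip -> deque of (ts, email) for failures
    alerts = []
    for rec in sorted(events, key=lambda r: r["ts"]):
        acct, src = by_account[rec["email"]], by_ip[rec["ip"]]
        _expire(acct, rec["ts"])
        _expire(src, rec["ts"])
        if rec["event"] == "auth.login.failed":
            acct.append((rec["ts"], rec["ip"]))
            src.append((rec["ts"], rec["email"]))
            if len(acct) == MAX_FAILURES:
                alerts.append({"type": "bruteforce", "email": rec["email"],
                               "ip": rec["ip"], "at": rec["ts"]})
            if len({e for _, e in src}) == SPRAY_ACCOUNTS:
                alerts.append({"type": "spray", "ip": rec["ip"], "at": rec["ts"]})
        elif rec["event"] == "auth.login.success" and len(acct) >= MAX_FAILURES:
            # The login "worked", but a success right after a burst of failures
            # is exactly the record an incident responder wants surfaced
            alerts.append({"type": "success_after_burst", "email": rec["email"],
                           "ip": rec["ip"], "at": rec["ts"]})
            acct.clear()
    return alerts


def run_sample():
    return detect(parse_events(SAMPLE_EVENTS))
```

Keying one window on the account and another on the source IP catches the two shapes that a single counter misses: many guesses at one account from anywhere, and one source touching many accounts with few guesses each. A burst of `auth.login.failed` followed by `auth.login.success` on the same account is the event pair worth paging on.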
## See Also

- OAuth2 Rail - OAuth 2.0 flows
- SAML Rail - Enterprise SSO