Login
Description
Authenticate a user and generate access and refresh tokens for subsequent API calls.
Authentication
- Required: No
- Roles: None
Request
Headers
POST /v1/auth/login
Content-Type: application/json
Request Body
{
  "username": "0329579782",
  "password": "password@789"
}
Field Descriptions
username:
- Type: string
- Required: Yes
- Description: User's username (1-50 characters)
password:
- Type: string
- Required: Yes
- Description: User's password (6-100 characters)
Response
Success Response (200)
{
  "data": {
    "user": {
      "id": 1,
      "username": "0329579782",
      "firstName": "John",
      "lastName": "Doe",
      "email": "john@example.com",
      "phoneNumber": "0329579782",
      "roleId": 1
    },
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}
user:
- Type: object
- Description: User information
accessToken:
- Type: string
- Description: JWT access token for authenticated requests
Error Responses
- 422: Validation errors (see Error Response Format)
Error Codes
- E001_MISSING_DATA: Missing required fields
- E001_AUTH_FAILURE: Authentication failure
- E004_BAD_INVALID_DOMAIN: Invalid domain provided
Example Usage
curl -X POST https://api.stepx.io.vn/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "0329579782",
    "password": "password@789"
  }'

const response = await fetch('https://api.stepx.io.vn/v1/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    username: '0329579782',
    password: 'password@789'
  })
});
const data = await response.json();
Notes
- A refresh token is automatically set as an HTTP-only cookie
- The access token should be included in the Authorization header for protected endpoints
- Refresh tokens expire after 7 days
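The following client sketch ties the field limits, the HTTP-only refresh cookie and the Authorization header together. It is an added example, not code from the API's own documentation; the `Bearer` scheme, the injectable `fetchImpl` parameter and the function names are assumptions made for illustration.

```javascript
// Added example, not part of the original API documentation.
// Assumptions: "Bearer" as the Authorization scheme; fetchImpl is a
// hypothetical injection point so the client can be exercised offline.
const LOGIN_URL = 'https://api.stepx.io.vn/v1/auth/login';

// Mirror the documented field limits so malformed input never leaves the client.
function validateCredentials(username, password) {
  const errors = [];
  if (typeof username !== 'string' || username.length < 1 || username.length > 50) {
    errors.push('username must be a string of 1-50 characters');
  }
  if (typeof password !== 'string' || password.length < 6 || password.length > 100) {
    errors.push('password must be a string of 6-100 characters');
  }
  return errors;
}

function createAuthClient(fetchImpl = globalThis.fetch) {
  let accessToken = null; // kept in memory only, never in localStorage

  async function login(username, password) {
    const errors = validateCredentials(username, password);
    if (errors.length > 0) throw new Error(errors.join('; '));
    const response = await fetchImpl(LOGIN_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      // Needed on cross-origin calls so the browser stores the HTTP-only refresh cookie.
      credentials: 'include',
      body: JSON.stringify({ username, password }),
    });
    if (!response.ok) {
      // 422 is the documented error status; report it without echoing credentials.
      throw new Error(`login failed with HTTP ${response.status}`);
    }
    const { data } = await response.json();
    accessToken = data.accessToken;
    return data.user;
  }

  // Headers for protected endpoints; throws until login has succeeded.
  function authHeaders() {
    if (!accessToken) throw new Error('not logged in');
    return { Authorization: `Bearer ${accessToken}` };
  }

  return { login, authHeaders };
}
```

Because the refresh token lives in an HTTP-only cookie, page scripts never read it; only the access token is handled in JavaScript, and here it stays in a closure rather than persistent storage.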