Authentication Endpoints

The Authentication API provides endpoints for user registration, login, token management, and OAuth integration. All authentication uses JWT tokens with optional OAuth providers.

Base URL

https://clipron.com/api/auth

Register User

Create a new user account with email and password.
curl -X POST "https://clipron.com/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "SecurePassword123!",
    "name": "John Doe"
  }'

Request Body

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| email | string | Yes | Valid email address |
| password | string | Yes | Password (min 8 chars, must include uppercase, lowercase, number) |
| name | string | Yes | User’s full name |
| company | string | No | Company or organization name |

Response

{
  "user": {
    "id": "user_clp_1234567890",
    "email": "user@example.com",
    "name": "John Doe",
    "company": null,
    "role": "free",
    "created_at": "2024-06-18T10:30:00Z",
    "email_verified": false
  },
  "message": "User created successfully. Please check your email for verification."
}

Login

Authenticate user and receive JWT tokens.
curl -X POST "https://clipron.com/api/auth/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d 'username=user@example.com&password=SecurePassword123!'

Request Body (Form Data)

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| username | string | Yes | User’s email address |
| password | string | Yes | User’s password |

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 1800,
  "user": {
    "id": "user_clp_1234567890",
    "email": "user@example.com",
    "name": "John Doe",
    "role": "free",
    "credit_balance": 50
  }
}

Refresh Token

Generate new access token using refresh token.
curl -X POST "https://clipron.com/api/auth/refresh" \
  -H "Content-Type: application/json" \
  -H "Cookie: refresh_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 1800
}

Logout

Invalidate current session and tokens.
curl -X POST "https://clipron.com/api/auth/logout" \
  -H "Authorization: Bearer <access_token>"

Response

{
  "message": "Successfully logged out"
}

Google OAuth

Initiate Google OAuth

Redirect user to Google for authentication.
GET https://clipron.com/api/auth/google
This endpoint redirects the user to Google’s OAuth consent screen.

Google OAuth Callback

Handle Google OAuth callback (internal use).
GET https://clipron.com/api/auth/google/callback?code=<auth_code>&state=<state>
This endpoint is called by Google after user authorization and returns JWT tokens.

GitHub OAuth

Initiate GitHub OAuth

Redirect user to GitHub for authentication.
GET https://clipron.com/api/auth/github

GitHub OAuth Callback

Handle GitHub OAuth callback (internal use).
GET https://clipron.com/api/auth/github/callback?code=<auth_code>&state=<state>

Password Reset

Request Password Reset

Send password reset email to user.
curl -X POST "https://clipron.com/api/auth/password-reset" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com"
  }'

Request Body

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| email | string | Yes | Email address of account to reset |

Response

{
  "message": "If an account with this email exists, a password reset link has been sent."
}

Confirm Password Reset

Reset password using token from email.
curl -X POST "https://clipron.com/api/auth/password-reset/confirm" \
  -H "Content-Type: application/json" \
  -d '{
    "token": "reset_token_from_email",
    "new_password": "NewSecurePassword123!"
  }'

Request Body

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| token | string | Yes | Reset token from email |
| new_password | string | Yes | New password (same requirements as registration) |

Response

{
  "message": "Password reset successfully"
}

Email Verification

Resend Verification Email

Send new email verification link.
curl -X POST "https://clipron.com/api/auth/verify-email/resend" \
  -H "Authorization: Bearer <access_token>"

Verify Email

Confirm email address using token from email.
GET https://clipron.com/api/auth/verify-email?token=<verification_token>
This endpoint is typically accessed by clicking the link in the verification email.

Error Codes

| Code | HTTP Status | Description |
|------|-------------|-------------|
| VALIDATION_ERROR | 400 | Request validation failed |
| EMAIL_EXISTS | 400 | Email already registered |
| INVALID_CREDENTIALS | 401 | Wrong email or password |
| INVALID_TOKEN | 401 | JWT token invalid or expired |
| INVALID_REFRESH_TOKEN | 401 | Refresh token invalid |
| EMAIL_NOT_VERIFIED | 403 | Email verification required |
| ACCOUNT_LOCKED | 423 | Account temporarily locked |
| RATE_LIMIT_EXCEEDED | 429 | Too many requests |

Security Features

Rate Limiting

Login

  • Limit: 5 failed attempts per 15 minutes
  • Lockout: 15 minutes after 5 failures
  • Progressive: Longer lockouts for repeated failures

Registration

  • Limit: 3 registrations per IP per hour
  • Email: 1 registration per email address
  • Verification: Required within 24 hours

Password Reset

  • Limit: 3 reset requests per email per hour
  • Token expiry: 1 hour
  • Single use: Tokens can only be used once
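
The login limits above (5 failures per 15 minutes, a 15-minute lockout, longer lockouts on repeat) can be modelled as a sliding window with a strike counter. This is an added sketch, not Clipron's implementation: the class name, the doubling schedule and the 24-hour cap are assumptions, and accounts are keyed on the normalized email so that case variants of one address share a counter.

```python
from collections import defaultdict, deque

WINDOW = 15 * 60          # page: failures are counted per 15 minutes
MAX_FAILURES = 5          # page: 5 failed attempts
BASE_LOCKOUT = 15 * 60    # page: 15-minute lockout
MAX_LOCKOUT = 24 * 3600   # assumption: cap on the progressive schedule


class LoginThrottle:
    """Hypothetical in-memory tracker; a real service would use shared storage."""

    def __init__(self):
        self._failures = defaultdict(deque)  # account -> recent failure times
        self._locked_until = {}              # account -> unlock timestamp
        self._strikes = defaultdict(int)     # account -> lockouts so far

    @staticmethod
    def _key(account):
        # "User@Example.com" and "user@example.com" must hit the same counter.
        return account.strip().lower()

    def retry_after(self, account, now):
        """Seconds left on the lockout (maps to 423 ACCOUNT_LOCKED); 0 if none."""
        return max(0, self._locked_until.get(self._key(account), 0) - now)

    def record_failure(self, account, now):
        """Count a failed login; return the lockout it triggered, or 0."""
        key = self._key(account)
        window = self._failures[key]
        window.append(now)
        while window and window[0] <= now - WINDOW:
            window.popleft()                 # forget failures older than 15 min
        if len(window) < MAX_FAILURES:
            return 0
        # Assumption: every repeated lockout doubles (15 min, 30 min, 1 h, ...).
        duration = min(BASE_LOCKOUT * 2 ** self._strikes[key], MAX_LOCKOUT)
        self._strikes[key] += 1
        self._locked_until[key] = now + duration
        window.clear()
        return duration

    def record_success(self, account):
        """A good login clears the window; strikes persist for progression."""
        self._failures.pop(self._key(account), None)
```
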

Token Security

Access Tokens

  • Lifetime: 30 minutes
  • Algorithm: HS256
  • Claims: User ID, email, role, expiration

Refresh Tokens

  • Lifetime: 7 days
  • Storage: HTTP-only secure cookies
  • Rotation: New token issued on each refresh

Security Note: Always use HTTPS in production. Store refresh tokens securely and implement proper token rotation to maintain security.