API Tutorial: User Authentication and Token Refresh

Introduction
This tutorial will guide you through the process of using an authentication API that provides user registration, login, and token refresh functionalities.

1) Register Endpoint
Use the /register endpoint to create a new user by providing a unique email, a secure password, and a role.
Request

POST /register
Content-Type: application/json

{
“email”: "user@example.com",
“password”: “securepassword”,
“role”: “user”
}

Example response (Validation Error)
{
“succeeded”: false,
“errors”: [
“Passwords must have at least one non-alphanumeric character.”,
“Passwords must have at least one digit (‘0’-‘9’).”,
“Passwords must have at least one uppercase letter (‘A’-‘Z’).”
]
}

Response (Successful Registration) -> status 200

2) Login Endpoint
POST /login
Content-Type: application/json

{
“email”: "user@example.com",
“password”: “securepassword”
}

3) Refresh Endpoint
When the access token expires, use the /refresh endpoint with the expired access token and the refresh token to obtain a new access token and refresh token.

POST /refresh-token
Content-Type: application/json

{
“refreshToken”: “your_refresh_token”,
“token”: “your_access_token”
}

Important Notes

• The access token is valid for 1 hour, after which it needs to be refreshed.
• The refresh token is valid for 2 months.
• Store the refresh token securely as it’s used to obtain new access tokens.