Genum Authentication API Documentation

This document details the REST API endpoints provided by the GenumUserController. All endpoints are prefixed with /api/user. The base URL for all endpoints is https://backend-9qqc.onrender.com

Error Handling: All endpoints return a standardized ResponseDetails object, containing a timestamp, message, status code (as a String), and data (if successful). Specific HTTP status codes indicate errors as follows:

  • 400 Bad Request: Indicates invalid input data. Details may be found in the response body.

  • 409 Conflict: Indicates a resource conflict, such as attempting to create an existing user.

Endpoints

1. Create User

  • Endpoint: /api/user/create

  • Method: POST

  • Description: Creates a new user.

  • Request Body: UserCreationRequest (JSON) - It should include all required user creation fields: firstName, lastName, email, password, country, and gender.

  • Response: ResponseEntity<ResponseDetails<GenumUserDTO>>, a standard response containing the created GenumUserDTO object (or an error response).

  • Example Request (using curl, with sample values; replace them with the actual UserCreationRequest JSON, which must include all required fields listed above):

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
    "firstName": "John",
    "lastName": "Doe",
    "email": "john.doe@example.com",
    "password": "password123",
    "country": "Kenya",
    "gender": "male"
  }' \
  http://localhost:8080/api/user/create

2. Login User

This endpoint handles user authentication via email and password. It uses Spring Security's AuthenticationManager to authenticate the user and adds a JWT (JSON Web Token) to the response header for use in subsequent authenticated requests.

Endpoint: /api/auth/login

Method: POST

Request Body:

Field     Type    Description            Required
email     String  User's email address.  Yes
password  String  User's password.       Yes

Request Example (JSON):

{
  "email": "user@example.com",
  "password": "password123"
}

Response:

  • Success (200 OK): Returns the string "Login successful". A JWT will be added to the Authorization header of the HTTP response in the format Bearer <JWT>.

  • Error (401 Unauthorized): Returned if authentication fails (incorrect credentials). The specific error message will depend on the underlying authentication mechanism. Error details may be provided in the response body.

Security Considerations:

  • Sensitive Data: This endpoint handles sensitive data (email and password). Ensure appropriate security measures are in place, including input validation and secure storage of credentials.

  • JWT Security: The JWT should be configured with appropriate security settings (e.g., strong algorithm, short lifespan, HTTPS).

Example Usage (cURL):

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "password123"
  }' \
  http://localhost:8080/api/auth/login

The response will contain the "Login successful" message in the body and the JWT in the Authorization header. Subsequent requests should include the Authorization header with the JWT to gain access to protected resources.
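A small client showing the login flow described above, added here as an example and not part of the project's own code: it refuses to send credentials over plaintext HTTP except to localhost, extracts the JWT from the Authorization response header, checks that it has the Bearer <JWT> shape, and attaches it to later requests. The base URL, the GenumClient class name and the helper names are assumptions made for this example.

```python
import json
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

# "Bearer <JWT>" where the JWT is header.payload.signature in base64url.
# All three segments must be non-empty: an unsigned (alg "none") token has an empty signature.
_BEARER_RE = re.compile(r"^Bearer\s+([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$")


def extract_bearer_token(authorization_header):
    """Return the JWT from an 'Authorization: Bearer <JWT>' value, or None if absent or malformed."""
    if not authorization_header:
        return None
    match = _BEARER_RE.match(authorization_header.strip())
    return match.group(1) if match else None


def is_safe_base_url(base_url):
    """Allow plaintext HTTP only for local development; everywhere else require HTTPS."""
    parsed = urlparse(base_url)
    if parsed.scheme == "https":
        return True
    return parsed.scheme == "http" and parsed.hostname in ("localhost", "127.0.0.1")


class GenumClient:  # hypothetical client, not part of the Genum project
    def __init__(self, base_url):
        if not is_safe_base_url(base_url):
            raise ValueError("refusing to send credentials over plaintext HTTP to " + base_url)
        self.base_url = base_url.rstrip("/")
        self.token = None

    def _post(self, path, body):
        headers = {"Content-Type": "application/json"}
        if self.token:  # reuse the JWT obtained at login for protected resources
            headers["Authorization"] = "Bearer " + self.token
        req = urllib.request.Request(self.base_url + path, data=json.dumps(body).encode(),
                                     headers=headers, method="POST")
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, resp.headers, resp.read().decode()
        except urllib.error.HTTPError as err:  # 400/401/409 still carry a ResponseDetails body
            return err.code, err.headers, err.read().decode()

    def login(self, email, password):
        status, headers, body = self._post("/api/auth/login", {"email": email, "password": password})
        if status == 401:
            raise PermissionError("authentication failed")
        token = extract_bearer_token(headers.get("Authorization"))
        if status != 200 or token is None:
            raise RuntimeError("unexpected login response %d: %r" % (status, body))
        self.token = token
        return token
```

Call GenumClient("https://backend-9qqc.onrender.com").login(email, password) and then use _post for protected endpoints; the token is only stored after the response status and header shape both check out.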