# Authentication API

Base path: `/api/auth`

All API responses are wrapped in `CommonResponseDTO` (see Common Response Format below).
## Login

Authenticates a user and sets a JWT cookie.

```http
POST /api/auth/login
Content-Type: application/json
```

### Request Body

| Field | Type | Required | Description |
|---|---|---|---|
| email | string | ✅ | User email address |
| password | string | ✅ | User password |
### Example

```bash
curl -X POST http://localhost:8080/api/auth/login \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{"email": "admin@example.com", "password": "secret"}'
```

### Response 200 OK

```json
{
  "code": "SUCCESS",
  "data": {
    "id": "a1b2c3d4-...",
    "email": "admin@example.com",
    "fullName": "Admin User",
    "roles": ["ADMIN"],
    "active": true
  },
  "timestamp": "2026-04-13T01:00:00Z"
}
```

The JWT is returned as an HTTP-only cookie in the `Set-Cookie` header. Include it in subsequent requests using `-b cookies.txt` with curl, or let your HTTP client handle cookies automatically.
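The page states only that the JWT cookie is HTTP-only. The script below is an added example (not part of this API's documentation or code) that parses a `Set-Cookie` header from the login response and checks the attributes a reviewer would expect on a session cookie, then decodes the JWT payload for inspection without verifying it. The cookie name `jwt`, the attribute set and the claims are constructed for the demo; the real cookie name and claims are not given on the page.

```python
"""Added example: audit the Set-Cookie header returned by POST /api/auth/login.

The cookie name "jwt", the attribute set and the JWT claims below are all
constructed for this demo; the page only states that the token is HTTP-only.
"""
import base64
import json
from typing import List, Optional


def _b64url(raw: bytes) -> str:
    """base64url without padding, as used by JWS compact serialization."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_sample_jwt(claims: dict) -> str:
    """Build a JWT-shaped token for the demo. The third segment is a fixed
    placeholder, not a real signature, so nothing should ever accept this token;
    it exists only so the inspection code below has realistic input."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


# Constructed claims: subject is the user id from the login response, exp one hour after iat.
SAMPLE_CLAIMS = {"sub": "a1b2c3d4-...", "roles": ["ADMIN"], "iat": 1776042000, "exp": 1776045600}
SAMPLE_TOKEN = make_sample_jwt(SAMPLE_CLAIMS)

# A hardened header (what you want to see) and a weak one (same token, attributes dropped).
GOOD_SET_COOKIE = f"jwt={SAMPLE_TOKEN}; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=3600"
WEAK_SET_COOKIE = f"jwt={SAMPLE_TOKEN}; Path=/"


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into {'name', 'value'} plus lower-cased attributes.
    Valueless attributes (HttpOnly, Secure) map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {"name": name, "value": value}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val if val else True
    return attrs


def decode_jwt_claims(token: str) -> dict:
    """Decode the payload segment WITHOUT checking the signature.
    Use this only to inspect a token (e.g. read exp); a client must never
    make authorization decisions on claims read this way."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("not a JWS compact serialization (expected 3 segments)")
    payload = segments[1] + "=" * (-len(segments[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_session_cookie(header: str, *, https: bool = True, now: Optional[int] = None) -> List[str]:
    """Return findings for a JWT session cookie; an empty list means every check passed."""
    findings: List[str] = []
    cookie = parse_set_cookie(header)
    if "httponly" not in cookie:
        findings.append("missing HttpOnly: token is readable by page scripts")
    if https and "secure" not in cookie:
        findings.append("missing Secure: cookie would also be sent over plain HTTP")
    if str(cookie.get("samesite", "")).lower() not in {"strict", "lax"}:
        findings.append("SameSite not Strict/Lax: cookie is attached to cross-site requests")
    try:
        claims = decode_jwt_claims(cookie["value"])
    except (ValueError, json.JSONDecodeError) as exc:
        findings.append(f"cookie value is not a decodable JWT: {exc}")
        return findings
    if "exp" not in claims:
        findings.append("JWT has no exp claim: it stays valid until explicitly revoked")
    elif now is not None and claims["exp"] <= now:
        findings.append("JWT is already expired")
    return findings


if __name__ == "__main__":
    for label, hdr in (("good", GOOD_SET_COOKIE), ("weak", WEAK_SET_COOKIE)):
        print(label, audit_session_cookie(hdr) or ["all checks passed"])
```

Pass `https=False` when checking a local `http://localhost:8080` setup like the curl example, so the missing `Secure` attribute is not reported for development; in any deployed environment keep the default.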
## Get Current User

Returns the currently authenticated user's profile.

```http
GET /api/auth/me
```

### Example

```bash
curl http://localhost:8080/api/auth/me -b cookies.txt
```

### Response 200 OK
```json
{
  "code": "SUCCESS",
  "data": {
    "id": "a1b2c3d4-...",
    "email": "admin@example.com",
    "fullName": "Admin User",
    "roles": ["ADMIN"],
    "active": true
  }
}
```

## Change Password
Updates the authenticated user's password.

```http
PUT /api/auth/me/password
Content-Type: application/json
```

### Request Body

| Field | Type | Required | Description |
|---|---|---|---|
| currentPassword | string | ✅ | Existing password |
| newPassword | string | ✅ | New password |
### Example

```bash
curl -X PUT http://localhost:8080/api/auth/me/password \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{"currentPassword": "old", "newPassword": "newSecret123"}'
```

### Response 200 OK

```json
{ "code": "SUCCESS" }
```

## Common Response Format
Every API response is wrapped in `CommonResponseDTO`:

```json
{
  "code": "SUCCESS",
  "message": null,
  "data": { ... },
  "meta": null,
  "timestamp": "2026-04-13T01:00:00Z"
}
```

| Field | Type | Description |
|---|---|---|
| code | ResponseCode | `SUCCESS` or an error code |
| message | string? | Human-readable error message (null on success) |
| data | T? | Response payload |
| meta | object? | Extra metadata (e.g. validation details) |
| timestamp | Instant | Server-side timestamp |
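Because every endpoint above returns the same envelope, a client should unwrap it in one place rather than reading `data` directly. The following is an added example (not the project's own client code) that parses a `CommonResponseDTO` body, returns `data` only when `code` is `SUCCESS`, turns any other code into an exception carrying `message` and `meta`, and rejects non-JSON bodies such as an error page from a proxy. The error code `VALIDATION_ERROR` and the `meta` layout used for the failing change-password call are constructed for the demo; the page does not list error codes or the exact shape of `meta`.

```python
"""Added example: client-side handling of the CommonResponseDTO envelope.

The error code "VALIDATION_ERROR" and the shape of `meta` are constructed for
this demo; the page lists only SUCCESS and says errors carry "an error code".
"""
import json
from dataclasses import dataclass
from typing import Any, List, Optional


class ApiError(Exception):
    """Envelope whose code is anything other than SUCCESS."""

    def __init__(self, code: str, message: Optional[str], meta: Optional[dict], timestamp: Optional[str]):
        super().__init__(f"{code}: {message or 'no message'}")
        self.code = code
        self.message = message
        self.meta = meta or {}
        self.timestamp = timestamp


@dataclass
class UserProfile:
    id: str
    email: str
    full_name: str
    roles: List[str]
    active: bool


def unwrap(body: str) -> Any:
    """Parse an envelope and return its `data` field only when code == "SUCCESS".

    Raises ApiError for any other code and ValueError when the body is not an
    envelope at all (e.g. an HTML error page from a proxy in front of the API),
    so callers never mistake a non-JSON 200 for a successful call."""
    try:
        env = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"response body is not JSON: {exc.msg}") from None
    if not isinstance(env, dict) or "code" not in env:
        raise ValueError("response body is not a CommonResponseDTO envelope")
    if env["code"] != "SUCCESS":
        raise ApiError(env["code"], env.get("message"), env.get("meta"), env.get("timestamp"))
    return env.get("data")  # None for bodies like {"code": "SUCCESS"}


def error_for(body: str) -> Optional[ApiError]:
    """Return the ApiError an envelope would raise, or None on success.
    A ValueError for a non-envelope body still propagates."""
    try:
        unwrap(body)
    except ApiError as err:
        return err
    return None


def parse_user(body: str) -> UserProfile:
    """Turn the login or /api/auth/me data payload into a typed profile."""
    data = unwrap(body)
    return UserProfile(
        id=data["id"],
        email=data["email"],
        full_name=data["fullName"],
        roles=list(data["roles"]),
        active=bool(data["active"]),
    )


# Constructed bodies: the first two follow the page's examples, the third is a
# hypothetical validation failure on PUT /api/auth/me/password.
LOGIN_BODY = json.dumps({
    "code": "SUCCESS",
    "data": {"id": "a1b2c3d4-...", "email": "admin@example.com", "fullName": "Admin User",
             "roles": ["ADMIN"], "active": True},
    "timestamp": "2026-04-13T01:00:00Z",
})
PASSWORD_CHANGED_BODY = '{ "code": "SUCCESS" }'
VALIDATION_BODY = json.dumps({
    "code": "VALIDATION_ERROR",
    "message": "Request validation failed",
    "data": None,
    "meta": {"fields": {"newPassword": "must be at least 8 characters"}},
    "timestamp": "2026-04-13T01:00:00Z",
})


if __name__ == "__main__":
    print(parse_user(LOGIN_BODY))
    print("change password ->", unwrap(PASSWORD_CHANGED_BODY))
    err = error_for(VALIDATION_BODY)
    print("validation ->", err, err.meta if err else None)
```

Keying success on `code` rather than on the HTTP status keeps the client correct if the server ever returns an error envelope with a 200, and surfacing `meta` on the exception gives callers the per-field validation details the table above describes without parsing the message text.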