POST /api/auth/token
Authenticate user

Validates user’s email and password and returns auth token.

Use this token either by adding it to “Authorization” request header (preferred method) or to “token” request param.

Note: “Authorization” header value format is the following: “Bearer token”, request param value is just the token.

Examples

Login failed output example:

403 Unauthorized
{
  "error": "Invalid email or password."
}

Login succeeded output example:

200 OK
{
  "token": "rH8xoroj1-yCQM4uuRGT",
  "user_id": 2,
  "receipts_email": "76578310-63ee-4183-bf1b-57f16b507905@bezala.com"
}
    

Params

Param name Description
email
required

User’s email

Validations:

  • Must be String

password
required

User’s password

Validations:

  • Must be String


POST /api/auth/google/token
Authenticate user via Google access token

Validates Google access token and checks whether the claimed identity (email) corresponds to that of the token.

If valdation pass, returns token generated by Bezala (similar to /auth/token API method).

Use this token either by adding it to “Authorization” request header (preferred method) or to “token” request param.

Note: “Authorization” header value format is the following: “Bearer token”, request param value is just the token.

Params

Param name Description
email
required

User’s email (claimed identity)

Validations:

  • Must be String

google_access_token
required

Access token received via Google’s OAuth2

Validations:

  • Must be String


POST /api/auth/microsoft/token
Authenticate user via Microsoft access token

Validates Microsoft access token and checks whether the claimed identity (email) corresponds to that of the token.

If valdation pass, returns token generated by Bezala (similar to /auth/token API method).

Use this token either by adding it to “Authorization” request header (preferred method) or to “token” request param.

Note: “Authorization” header value format is the following: “Bearer token”, request param value is just the token.

Params

Param name Description
email
required

User’s email (claimed identity)

Validations:

  • Must be String

microsoft_access_token
required

Access token received via Microsoft’s OAuth2

Validations:

  • Must be String