Auth API
POST /auth/register
Register a new account.
Request
{ "name": "string", "email": "string", "password": "string" }
Response 200
{
  "success": true,
  "data": {
    "accessToken": "eyJ...",
    "expiresIn": 3600,
    "user": { "id": "ten_01j...", "name": "string", "email": "string" }
  }
}
POST /auth/login
Authenticate with email and password.
Request
{ "email": "string", "password": "string" }
Response 200 — same shape as register.
GET /auth/google
Redirects the browser to Google OAuth. No request body.
GET /auth/github
Redirects the browser to GitHub OAuth. No request body.
POST /auth/refresh
Exchange a refresh token for a new access token. The refresh token is read automatically from the HttpOnly cookie; alternatively, pass it in the request body.
Request (optional)
{ "refreshToken": "rt_..." }
Response 200
{ "accessToken": "eyJ...", "expiresIn": 3600 }
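Added example, not part of this API's own documentation or code: a browser-side client that keeps the access token in memory, derives its expiry from expiresIn, and lets concurrent requests share a single POST /auth/refresh that relies on the HttpOnly cookie. The createAuthClient name, the baseUrl, fetchImpl and now parameters, and the 30-second refresh margin are assumptions.

```javascript
// Added example. Assumptions: createAuthClient, baseUrl, fetchImpl, now and the
// 30 s refresh margin are illustrative names/values, not part of the API.
function createAuthClient({ baseUrl, fetchImpl = globalThis.fetch, now = Date.now }) {
  let accessToken = null; // held in memory only
  let expiresAt = 0;      // epoch ms, derived from expiresIn (seconds)
  let refreshing = null;  // shared promise: concurrent callers refresh once

  function store(tokens) {
    accessToken = tokens.accessToken;
    expiresAt = now() + tokens.expiresIn * 1000;
  }

  async function login(email, password) {
    const res = await fetchImpl(`${baseUrl}/auth/login`, {
      method: "POST",
      credentials: "include", // accept the refresh cookie (assumed set at login)
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, password }),
    });
    if (!res.ok) throw new Error(`login failed: ${res.status}`);
    const { data } = await res.json(); // { success, data: { accessToken, expiresIn, user } }
    store(data);
    return data.user;
  }

  function refresh() {
    if (!refreshing) {
      // No body: the refresh token travels in the HttpOnly cookie.
      refreshing = fetchImpl(`${baseUrl}/auth/refresh`, { method: "POST", credentials: "include" })
        .then(async (res) => {
          if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
          store(await res.json()); // { accessToken, expiresIn }
        })
        .finally(() => { refreshing = null; });
    }
    return refreshing;
  }

  async function authedFetch(path, init = {}) {
    if (now() >= expiresAt - 30_000) await refresh();
    const headers = { ...(init.headers || {}), Authorization: `Bearer ${accessToken}` };
    return fetchImpl(`${baseUrl}${path}`, { ...init, headers });
  }

  return { login, refresh, authedFetch };
}
```

Because expiresAt starts at 0, the first authedFetch after a page reload goes through refresh, so a session restored from the cookie needs no stored access token.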
POST /auth/logout
Revoke the current session.
Auth: Bearer JWT
Response: 204 No Content
GET /auth/me
Return the authenticated tenant's profile.
Auth: Bearer JWT
Response 200
{
  "id": "ten_01j...",
  "name": "string",
  "email": "string",
  "avatarUrl": "string | null",
  "oauthProvider": "google | github | email | null",
  "planId": "string | null",
  "isActive": true,
  "emailVerified": false,
  "createdAt": "ISO8601",
  "updatedAt": "ISO8601"
}