Authentication API

Endpoints for user registration, login, and password management.

Register

Create a new organization with an admin user.

POST /api/auth/register    Auth: None

Register a new organization and admin user.

Request Body:

json
{
"organizationName": "My Company",
"firstName": "John",
"lastName": "Doe",
"email": "john@mycompany.com",
"password": "securepassword123"
}
Parameter         Type    Required  Description
organizationName  string  Required  Organization name (2-255 characters)
firstName         string  Required  User's first name (1-100 characters)
lastName          string  Required  User's last name (1-100 characters)
email             string  Required  Valid email address
password          string  Required  Password (6-100 characters)

Response (201):

json
{
"success": true,
"message": "Account created successfully. Please check your email to verify your account.",
"user": {
"id": "uuid",
"email": "john@mycompany.com",
"firstName": "John",
"lastName": "Doe"
},
"organization": {
"id": "uuid",
"name": "My Company",
"slug": "my-company"
}
}

A verification email is sent to the provided email address.
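Server-side validation of the register body against the limits in the table above, as an added example that is not part of the original page or the project's code. validateRegister and slugify are hypothetical names; the slug rule is inferred from the "my-company" example response, and the email check is a coarse syntactic one (a real deployment confirms the address through the verification mail anyway). Unknown fields are rejected so that a caller cannot smuggle extra attributes into the user or organization record.

```javascript
// Added example, not the project's code. Validates a POST /api/auth/register body
// against the documented limits and derives the organization slug.
const LIMITS = {                       // field -> [min, max] characters, from the table above
  organizationName: [2, 255],
  firstName: [1, 100],
  lastName: [1, 100],
  password: [6, 100],
};
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;   // coarse syntactic check only

function validateRegister(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const errors = [];
  for (const [field, [min, max]] of Object.entries(LIMITS)) {
    const v = body[field];
    if (typeof v !== 'string') { errors.push(`${field} is required and must be a string`); continue; }
    const len = [...v].length;          // count code points, not UTF-16 units, so accented names are not cut short
    if (len < min || len > max) errors.push(`${field} must be ${min}-${max} characters`);
  }
  if (typeof body.email !== 'string' || body.email.length > 254 || !EMAIL_RE.test(body.email)) {
    errors.push('email must be a valid email address');
  }
  // Reject anything outside the documented schema (e.g. a caller adding "role")
  const allowed = new Set([...Object.keys(LIMITS), 'email']);
  for (const k of Object.keys(body)) if (!allowed.has(k)) errors.push(`unexpected field: ${k}`);
  return { ok: errors.length === 0, errors };
}

// Assumed slug rule: lower-case, ASCII letters and digits, runs of anything else become one hyphen.
function slugify(name) {
  return name.normalize('NFKD').toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-+|-+$/g, '');
}
```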


Verify Email

Verify a user's email address using the token from the verification email.

POST /api/auth/verify-email    Auth: None

Verify email with token from email link.

Request Body:

json
{
"token": "verification-token-from-email"
}

Response (200):

json
{
"success": true
}

Forgot Password

Request a password reset email.

POST /api/auth/forgot-password    Auth: None

Send password reset email.

Request Body:

json
{
"email": "john@mycompany.com"
}

Response (200):

json
{
"success": true
}

The response is 200 with "success": true whether or not the address belongs to an account; the reset email is only sent when it does. A caller therefore cannot use this endpoint to find out which email addresses are registered.


Reset Password

Reset password using token from the reset email.

POST /api/auth/reset-password    Auth: None

Reset password with token.

Request Body:

json
{
"token": "reset-token-from-email",
"password": "newSecurePassword123"
}
Parameter  Type    Required  Description
token      string  Required  Token from password reset email
password   string  Required  New password (6-100 characters)

Response (200):

json
{
"success": true
}

Resend Verification

Resend the email verification link.

POST /api/auth/resend-verification    Auth: None

Resend verification email.

Request Body:

json
{
"email": "john@mycompany.com"
}

Response (200):

json
{
"success": true
}

Session Authentication

For web applications, authentication is handled through NextAuth.js:

Login Flow

  1. GET /api/auth/csrf, then POST the credentials together with the returned csrfToken to /api/auth/callback/credentials (NextAuth.js rejects the callback without it)
  2. Session cookie is set automatically
  3. Include cookies in subsequent requests

Login Endpoint

POST /api/auth/callback/credentials    Auth: None

Authenticate and create session. NextAuth.js expects the csrfToken value from GET /api/auth/csrf alongside the credentials; its signIn() helper sends these fields form-encoded.

Request Body:

json
{
"email": "john@mycompany.com",
"password": "password123"
}

Logout

POST /api/auth/signout    Auth: Session

End the current session. As with the credentials callback, NextAuth.js requires the csrfToken from GET /api/auth/csrf in the POST body; its signOut() helper handles this.

Get Session

GET /api/auth/session    Auth: Session

Get current session information.

Response:

json
{
"user": {
"id": "uuid",
"email": "john@mycompany.com",
"name": "John Doe",
"organizationId": "uuid",
"role": "admin"
},
"expires": "2026-03-01T00:00:00.000Z"
}