Page Introduction

Auth namespace

This namespace page contains request/response examples, endpoint matrix, and implementation-ready method details for frontend API clients.

Use quick index for direct navigation to endpoint details.
Use matrix view to verify auth and method-path combinations.
Test namespace calls in Workshop Try-It before integrating UI actions.

Choose next step

Back to workshop index Open workshop try-it Open all workshop endpoints

Workshop Namespace

Auth

Authentication endpoints for workshop users: sign up, sign in, refresh, and logout.

6Endpoint methods

Test in Workshop Try-It OpenAPI JSON

Endpoint Quick Index

Click an endpoint to jump to details and code examples.

POST /api/ws/auth/sign-up POST /api/ws/auth/sign-in POST /api/ws/auth/refresh-token POST /api/ws/auth/logout POST /api/ws/auth/sign-out POST /api/ws/auth/forgot-password

Endpoint Matrix

Method	Path	Auth	Summary
POST	`/api/ws/auth/sign-up`	APIKey	Register workshop user
POST	`/api/ws/auth/sign-in`	APIKey	Sign in
POST	`/api/ws/auth/refresh-token`	Public (no auth decorator detected).	Refresh access token
POST	`/api/ws/auth/logout`	Public (no auth decorator detected).	Logout
POST	`/api/ws/auth/sign-out`	Public (no auth decorator detected).	Logout alias (deprecated)
POST	`/api/ws/auth/forgot-password`	Public (no auth decorator detected).	Send password reset email

Detailed Endpoints

POST/api/ws/auth/sign-up

Creates a new workshop user and sends an email verification link. Body options - Send JSON using SignUpModel. - Or send multipart/form-data with the same fields and optional file/profile_image. Next step Use the email ver...

Auth: APIKeySource: API-DOC/workshop-rules/auth.md

Request Example

{
  "body": {
    "email": "workshop@example.com",
    "password": "StrongPassword123!",
    "first_name": "Ola",
    "last_name": "Nordmann",
    "phone_no": "+4799999999"
  }
}

Response Example

{
  "success": true,
  "message": "Operation completed"
}

Node.js Axios example

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

async function run() {
  const response = await axios({
    method: "post",
    url: `${BASE_URL}/api/ws/auth/sign-up`,
    headers: {
      "Content-Type": "application/json",
      "x-api-key": API_KEY,
    },
    data: {
      "email": "workshop@example.com",
      "password": "StrongPassword123!",
      "first_name": "Ola",
      "last_name": "Nordmann",
      "phone_no": "+4799999999"
    },
    timeout: 20000,
  });

  console.log(response.data);
}

run().catch((error) => {
  console.error(error.response?.data ?? error.message);
});

cURL example

BASE_URL="${MINBIL_API_BASE_URL:-http://localhost:5000}"
API_KEY="${MINBIL_API_KEY:-YOUR_API_KEY}"
ACCESS_TOKEN="${MINBIL_WS_ACCESS_TOKEN:-YOUR_BEARER_TOKEN}"

curl -X POST "${BASE_URL}/api/ws/auth/sign-up" \\
  -H "Content-Type: application/json" \\
  -H "x-api-key: ${API_KEY}" \\
  -d '{
  "email": "workshop@example.com",
  "password": "StrongPassword123!",
  "first_name": "Ola",
  "last_name": "Nordmann",
  "phone_no": "+4799999999"
}'

Fetch example

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

const response = await fetch(`${BASE_URL}/api/ws/auth/sign-up`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": API_KEY,
  },
  body: JSON.stringify({
    "email": "workshop@example.com",
    "password": "StrongPassword123!",
    "first_name": "Ola",
    "last_name": "Nordmann",
    "phone_no": "+4799999999"
  }),
});

const data = await response.json();
console.log(data);

POST/api/ws/auth/sign-in

Authenticates a workshop user with email/password and returns a JWT access token. Also sets a secure HttpOnly refresh_token cookie. Notes Users must confirm their email before signing in.

Auth: APIKeySource: API-DOC/workshop-rules/auth.md

Request Example

{
  "body": {
    "email": "workshop@example.com",
    "password": "StrongPassword123!"
  }
}

Response Example

{
  "access_token": "eyJhbGciOi...",
  "token_type": "bearer",
  "expires_in": 3600,
  "user": {
    "id": "ws-user-123",
    "email": "workshop@example.com"
  }
}

Node.js Axios example

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

async function run() {
  const response = await axios({
    method: "post",
    url: `${BASE_URL}/api/ws/auth/sign-in`,
    headers: {
      "Content-Type": "application/json",
      "x-api-key": API_KEY,
    },
    data: {
      "email": "workshop@example.com",
      "password": "StrongPassword123!"
    },
    timeout: 20000,
  });

  console.log(response.data);
}

run().catch((error) => {
  console.error(error.response?.data ?? error.message);
});

cURL example

BASE_URL="${MINBIL_API_BASE_URL:-http://localhost:5000}"
API_KEY="${MINBIL_API_KEY:-YOUR_API_KEY}"
ACCESS_TOKEN="${MINBIL_WS_ACCESS_TOKEN:-YOUR_BEARER_TOKEN}"

curl -X POST "${BASE_URL}/api/ws/auth/sign-in" \\
  -H "Content-Type: application/json" \\
  -H "x-api-key: ${API_KEY}" \\
  -d '{
  "email": "workshop@example.com",
  "password": "StrongPassword123!"
}'

Fetch example

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

const response = await fetch(`${BASE_URL}/api/ws/auth/sign-in`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "x-api-key": API_KEY,
  },
  body: JSON.stringify({
    "email": "workshop@example.com",
    "password": "StrongPassword123!"
  }),
});

const data = await response.json();
console.log(data);

POST/api/ws/auth/refresh-token

Refresh access token

Generates a new access token using the refresh_token cookie.

Auth: Public (no auth decorator detected).Source: API-DOC/workshop-rules/auth.md

Request Example

{
  "body": {
    "example_field": "example_value"
  }
}

Response Example

{
  "access_token": "eyJhbGciOi...new",
  "token_type": "bearer",
  "expires_in": 3600
}

Node.js Axios example

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

async function run() {
  const response = await axios({
    method: "post",
    url: `${BASE_URL}/api/ws/auth/refresh-token`,
    headers: {
      "Content-Type": "application/json",
    },
    data: {
      "example_field": "example_value"
    },
    timeout: 20000,
  });

  console.log(response.data);
}

run().catch((error) => {
  console.error(error.response?.data ?? error.message);
});

cURL example

BASE_URL="${MINBIL_API_BASE_URL:-http://localhost:5000}"
API_KEY="${MINBIL_API_KEY:-YOUR_API_KEY}"
ACCESS_TOKEN="${MINBIL_WS_ACCESS_TOKEN:-YOUR_BEARER_TOKEN}"

curl -X POST "${BASE_URL}/api/ws/auth/refresh-token" \\
  -H "Content-Type: application/json" \\
  -d '{
  "example_field": "example_value"
}'

Fetch example

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

const response = await fetch(`${BASE_URL}/api/ws/auth/refresh-token`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "example_field": "example_value"
  }),
});

const data = await response.json();
console.log(data);

POST/api/ws/auth/logout

Logout

Clears the refresh_token cookie client-side.

Auth: Public (no auth decorator detected).Source: API-DOC/workshop-rules/auth.md

Request Example

{
  "body": {
    "example_field": "example_value"
  }
}

Response Example

{
  "success": true,
  "message": "Operation completed"
}

Node.js Axios example

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

async function run() {
  const response = await axios({
    method: "post",
    url: `${BASE_URL}/api/ws/auth/logout`,
    headers: {
      "Content-Type": "application/json",
    },
    data: {
      "example_field": "example_value"
    },
    timeout: 20000,
  });

  console.log(response.data);
}

run().catch((error) => {
  console.error(error.response?.data ?? error.message);
});

cURL example

BASE_URL="${MINBIL_API_BASE_URL:-http://localhost:5000}"
API_KEY="${MINBIL_API_KEY:-YOUR_API_KEY}"
ACCESS_TOKEN="${MINBIL_WS_ACCESS_TOKEN:-YOUR_BEARER_TOKEN}"

curl -X POST "${BASE_URL}/api/ws/auth/logout" \\
  -H "Content-Type: application/json" \\
  -d '{
  "example_field": "example_value"
}'

Fetch example

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

const response = await fetch(`${BASE_URL}/api/ws/auth/logout`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "example_field": "example_value"
  }),
});

const data = await response.json();
console.log(data);

POST/api/ws/auth/sign-out

Logout alias (deprecated)

Deprecated alias for POST /api/ws/auth/logout.

Auth: Public (no auth decorator detected).Source: API-DOC/workshop-rules/auth.md

Request Example

{
  "body": {
    "example_field": "example_value"
  }
}

Response Example

{
  "success": true,
  "message": "Operation completed"
}

Node.js Axios example

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

async function run() {
  const response = await axios({
    method: "post",
    url: `${BASE_URL}/api/ws/auth/sign-out`,
    headers: {
      "Content-Type": "application/json",
    },
    data: {
      "example_field": "example_value"
    },
    timeout: 20000,
  });

  console.log(response.data);
}

run().catch((error) => {
  console.error(error.response?.data ?? error.message);
});

cURL example

BASE_URL="${MINBIL_API_BASE_URL:-http://localhost:5000}"
API_KEY="${MINBIL_API_KEY:-YOUR_API_KEY}"
ACCESS_TOKEN="${MINBIL_WS_ACCESS_TOKEN:-YOUR_BEARER_TOKEN}"

curl -X POST "${BASE_URL}/api/ws/auth/sign-out" \\
  -H "Content-Type: application/json" \\
  -d '{
  "example_field": "example_value"
}'

Fetch example

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

const response = await fetch(`${BASE_URL}/api/ws/auth/sign-out`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "example_field": "example_value"
  }),
});

const data = await response.json();
console.log(data);

POST/api/ws/auth/forgot-password

Send password reset email

Triggers a password reset email for the given account. Response is intentionally generic to avoid account enumeration.

Auth: Public (no auth decorator detected).Source: API-DOC/workshop-rules/auth.md

Request Example

{
  "body": {
    "email": "workshop@example.com"
  }
}

Response Example

{
  "success": true,
  "message": "Operation completed"
}

Node.js Axios example

import axios from "axios";

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

async function run() {
  const response = await axios({
    method: "post",
    url: `${BASE_URL}/api/ws/auth/forgot-password`,
    headers: {
      "Content-Type": "application/json",
    },
    data: {
      "email": "workshop@example.com"
    },
    timeout: 20000,
  });

  console.log(response.data);
}

run().catch((error) => {
  console.error(error.response?.data ?? error.message);
});

cURL example

BASE_URL="${MINBIL_API_BASE_URL:-http://localhost:5000}"
API_KEY="${MINBIL_API_KEY:-YOUR_API_KEY}"
ACCESS_TOKEN="${MINBIL_WS_ACCESS_TOKEN:-YOUR_BEARER_TOKEN}"

curl -X POST "${BASE_URL}/api/ws/auth/forgot-password" \\
  -H "Content-Type: application/json" \\
  -d '{
  "email": "workshop@example.com"
}'

Fetch example

const BASE_URL = process.env.MINBIL_API_BASE_URL ?? "http://localhost:5000";
const API_KEY = process.env.MINBIL_API_KEY ?? "YOUR_API_KEY";
const ACCESS_TOKEN = process.env.MINBIL_WS_ACCESS_TOKEN ?? "YOUR_BEARER_TOKEN";

const response = await fetch(`${BASE_URL}/api/ws/auth/forgot-password`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    "email": "workshop@example.com"
  }),
});

const data = await response.json();
console.log(data);