Skip to content

Authentication API

Login

http
POST /api/v1/auth/login
Content-Type: application/json

{
  "email": "admin@example.com",
  "password": "admin123"
}

Response 200 OK

json
{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "bearer"
}

Register

http
POST /api/v1/auth/register
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "securepassword",
  "full_name": "John Doe"
}

Response 201 Created

json
{
  "id": "uuid",
  "email": "user@example.com",
  "full_name": "John Doe",
  "role": "viewer"
}

Get Current User

http
GET /api/v1/auth/me
Authorization: Bearer <token>

Response 200 OK

json
{
  "id": "uuid",
  "email": "admin@example.com",
  "full_name": "Admin User",
  "role": "admin"
}

Using Tokens

Include the JWT token in the Authorization header for all authenticated requests:

bash
curl -H "Authorization: Bearer eyJ..." https://api.forgexa.net/api/v1/workspaces

Tokens expire after 24 hours by default (configurable via ACCESS_TOKEN_EXPIRE_MINUTES). Refresh tokens are valid for 30 days.

Personal Access Tokens (PAT)

For programmatic access (CI/CD, scripts), use personal access tokens instead of JWTs. PATs don't expire as quickly and can be scoped.

See the API Tokens documentation for details on creating and managing PATs.

Forgexa — AI Software Factory