# Auth Service API Reference
This document describes the public authentication APIs exposed by the Auth Service in ShopVerse.
All authentication APIs are accessed via the API Gateway.
## Base URL
`/api/auth`
## Authentication Overview
- The Auth Service issues JWT tokens
- JWTs are validated at the API Gateway
- Downstream services rely on the identity headers the gateway forwards after validation, rather than re-validating the token themselves
- Tokens follow a stateless authentication model (no server-side session state)
## Register User
Create a new user account.
### Endpoint
`POST /api/auth/register`
### Request Body
```json
{
  "fullName": "John Doe",
  "email": "john@example.com",
  "phoneNo": "9876543210",
  "password": "StrongPassword123"
}
```
### Success Response (201 CREATED)
```json
{
  "message": "User registered successfully"
}
```
### Error Responses
| Status | Reason |
|---|---|
| 400 | Invalid input |
| 409 | Email already exists |
| 500 | Internal server error |
## Login User
Authenticate a user and issue a JWT token.
### Endpoint
`POST /api/auth/login`
### Request Body
```json
{
  "email": "john@example.com",
  "password": "StrongPassword123"
}
```
### Success Response (200 OK)
```json
{
  "token": "eyJhbGciOiJIUzUxMiJ9...",
  "type": "Bearer"
}
```
### Error Responses
| Status | Reason |
|---|---|
| 401 | Invalid credentials |
| 404 | User not found |
| 500 | Internal server error |
## JWT Token Details
### Token Format
The token is sent on every request in the `Authorization` header:
```
Authorization: Bearer <JWT_TOKEN>
```
### JWT Claims
```json
{
  "sub": "john@example.com",
  "role": "CUSTOMER",
  "name": "John Doe",
  "iat": 1710000000,
  "exp": 1710003600
}
```
| Claim | Description |
|---|---|
| sub | User email (identity) |
| role | User role |
| exp | Token expiration (Unix epoch seconds) |
## Authentication Flow Summary
## Events Published
| Event | Topic | Description |
|---|---|---|
| USER_REGISTERED | auth-events | New user registration |
| USER_LOGIN | auth-events | User login activity |
These events are consumed by:
- Notification Service
- Analytics Service
## Security Notes
- Passwords are never stored or logged in plain text
- Passwords are hashed with BCrypt
- JWTs are signed with HS512 (HMAC-SHA512)
- Token expiration (`exp`) is enforced
- Auth endpoints are designed to be rate limited
## Common Issues
### Invalid Token
- The token has expired or has been tampered with
- The user must log in again
### Multiple Login Attempts
- Invalid credentials return a generic error
- This prevents user enumeration
## Summary
The Auth API provides:
- Secure user authentication
- Stateless JWT-based authorization
- Clean integration with API Gateway
- Event-driven extensibility
It serves as the entry point for security in ShopVerse.