Authentication API
The Authentication API handles user registration and login, providing JWT tokens for accessing protected endpoints.
Base URL: http://localhost:8083/api/1/auth
Service: tracker-auth (Port 8083)
Create a new user account and receive a JWT token.
Endpoint: POST /api/1/auth/register
Authentication: Not required
```json
{
  "username": "string",
  "password": "string"
}
```

| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Unique username (min 3 characters) |
| password | string | Yes | Password (min 8 characters) |
Status: 201 Created
```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tokenType": "Bearer",
  "expiresIn": 3600000
}
```

| Field | Type | Description |
|---|---|---|
| token | string | JWT access token |
| tokenType | string | Token type (always "Bearer") |
| expiresIn | number | Token expiration time in milliseconds |
```bash
curl -X POST http://localhost:8083/api/1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "password": "securePassword123"
  }'
```

409 Conflict - Username already exists

```json
{
  "timestamp": "2025-10-16T10:30:00.000Z",
  "status": 409,
  "error": "Conflict",
  "message": "Username already exists",
  "path": "/api/1/auth/register"
}
```

400 Bad Request - Validation error

```json
{
  "timestamp": "2025-10-16T10:30:00.000Z",
  "status": 400,
  "error": "Bad Request",
  "message": "Username must be at least 3 characters",
  "path": "/api/1/auth/register"
}
```

Authenticate with username and password to receive a JWT token.
Endpoint: POST /api/1/auth/login
Authentication: Not required
```json
{
  "username": "string",
  "password": "string"
}
```

| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Your username |
| password | string | Yes | Your password |
Status: 200 OK
```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "tokenType": "Bearer",
  "expiresIn": 3600000
}
```

| Field | Type | Description |
|---|---|---|
| token | string | JWT access token |
| tokenType | string | Token type (always "Bearer") |
| expiresIn | number | Token expiration time in milliseconds (default: 1 hour) |
```bash
curl -X POST http://localhost:8083/api/1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "password": "securePassword123"
  }'
```

401 Unauthorized - Invalid credentials

```json
{
  "timestamp": "2025-10-16T10:30:00.000Z",
  "status": 401,
  "error": "Unauthorized",
  "message": "Invalid username or password",
  "path": "/api/1/auth/login"
}
```

After successful registration or login, use the returned token in subsequent requests:

```bash
curl -X GET http://localhost:8082/api/1/trips/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
```

The JWT token contains:
- User ID: Unique identifier for the user
- Username: User's username
- Roles: User's roles (USER, ADMIN)
- Expiration: Token expiration timestamp
Tokens expire after a configured time (default: 1 hour). Once a token has expired, protected endpoints answer with 401 Unauthorized and you need to log in again to obtain a new one.
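The register and login responses above share one shape (token, tokenType, expiresIn in milliseconds), and the documented failures are 400, 401 and 409. The following is an added client-side example, not code from the Trip Tracker project: it maps those responses to a token or a typed error, converts `expiresIn` to an absolute time, reads the `exp` claim to re-login before a 401 arrives, and builds the `Authorization` header. It assumes HS256 tokens whose payload uses the standard `sub` and `exp` claims plus `username` and `roles` keys; the page names these fields but not the exact claim names. The `make_demo_token` helper exists only so the example runs offline; a real client never mints tokens, it receives them.

```python
"""Client-side handling of /api/1/auth/register and /api/1/auth/login tokens.
Added example, not the project's code. Claim names (sub, exp, username, roles)
and the HS256 algorithm are assumptions."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


class AuthError(Exception):
    """Base class for the documented auth failure responses."""

class UsernameTaken(AuthError):        # 409 Conflict
    pass

class ValidationError(AuthError):      # 400 Bad Request
    pass

class InvalidCredentials(AuthError):   # 401 Unauthorized
    pass


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_demo_token(claims: dict, secret: bytes) -> str:
    """CONSTRUCTED for the demo: mint an HS256 JWT so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"},
                                       separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def parse_auth_response(status: int, body: dict) -> str:
    """Map the documented register/login responses to a token or a typed error."""
    if status in (200, 201):
        if body.get("tokenType") != "Bearer":
            raise AuthError(f"unexpected tokenType {body.get('tokenType')!r}")
        return body["token"]
    message = body.get("message", "")
    if status == 409:
        raise UsernameTaken(message)
    if status == 400:
        raise ValidationError(message)
    if status == 401:
        raise InvalidCredentials(message)
    raise AuthError(f"unexpected status {status}: {message}")


def expiry_from_response(body: dict, received_at: float) -> float:
    """expiresIn is documented in milliseconds; return an absolute UNIX time."""
    return received_at + body["expiresIn"] / 1000.0


def decode_claims(token: str) -> dict:
    """Read the payload WITHOUT verifying the signature. Acceptable for a client
    deciding when to re-login; the server must still verify every token."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialized JWT")
    return json.loads(_b64url_decode(parts[1]))


def verify_signature(token: str, secret: bytes) -> bool:
    """What the resource server does before trusting any claim (HS256 assumed)."""
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig))


def needs_relogin(token: str, now: Optional[float] = None, skew: float = 30.0) -> bool:
    """True when the token is expired or expires within `skew` seconds, so the
    client can log in again instead of first collecting a 401."""
    exp = decode_claims(token).get("exp")
    if exp is None:
        return True                      # no expiry claim: treat as unusable
    now = time.time() if now is None else now
    return now + skew >= exp


def auth_header(token: str) -> dict:
    """Header for protected endpoints such as GET /api/1/trips/me."""
    return {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    secret = b"demo-secret-do-not-use"   # constructed
    now = time.time()
    tok = make_demo_token({"sub": "u-123", "username": "johndoe",
                           "roles": ["USER"], "exp": int(now + 3600)}, secret)
    body = {"token": tok, "tokenType": "Bearer", "expiresIn": 3600000}
    token = parse_auth_response(201, body)
    print(auth_header(token), needs_relogin(token), verify_signature(token, secret))
```

The 30-second skew in `needs_relogin` absorbs clock drift between client and server; `decode_claims` is deliberately not a verifier, which is why `verify_signature` is shown separately as the server-side step.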
Security Best Practices:
- Store tokens securely (e.g., httpOnly cookies for web apps)
- Never expose tokens in URLs
- Don't store tokens in localStorage for sensitive applications
- Clear tokens on logout
- HTTPS: Always use HTTPS in production to protect credentials and tokens
- Password Requirements: Enforce strong passwords (minimum 8 characters)
- Token Rotation: Consider implementing refresh tokens for long-lived sessions
- Rate Limiting: Implement rate limiting on authentication endpoints to prevent brute force attacks
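The register section documents the input rules (username at least 3 characters, password at least 8) and the 400/401/409 error body shape, and the list above asks for rate limiting on the authentication endpoints. The following is an added server-side example, not the project's own code (the service itself is not written in Python): it validates registration input with the documented messages, keeps a sliding window of failed logins per username and per client IP, and answers with a 429 body in the same shape as the documented errors once the limit is hit. The thresholds (5 failures per 15 minutes) and the 429 status are assumptions; the page does not state them.

```python
"""Guards for the auth endpoints: documented input rules and a sliding-window
limiter on failed logins. Added example; thresholds are assumed values."""
import time
from collections import deque
from datetime import datetime, timezone
from typing import Callable, Deque, Dict, Optional, Tuple

MIN_USERNAME_LEN = 3          # from the register request-body table
MIN_PASSWORD_LEN = 8          # from the register request-body table
MAX_FAILURES = 5              # assumed: failed logins allowed per window
WINDOW_SECONDS = 15 * 60      # assumed: window size
LOGIN_PATH = "/api/1/auth/login"


def validate_registration(username: str, password: str) -> Optional[str]:
    """Return the 400 message the page documents, or None when the input is valid."""
    if len(username) < MIN_USERNAME_LEN:
        return f"Username must be at least {MIN_USERNAME_LEN} characters"
    if len(password) < MIN_PASSWORD_LEN:
        return f"Password must be at least {MIN_PASSWORD_LEN} characters"
    return None


class FailedLoginLimiter:
    """Track failed attempts per username and per client IP in a sliding window
    and refuse further attempts once max_failures is reached for either key."""

    def __init__(self, max_failures: int = MAX_FAILURES, window: float = WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures: Dict[str, Deque[float]] = {}

    def _prune(self, key: str, now: float) -> Deque[float]:
        q = self._failures.setdefault(key, deque())
        while q and q[0] <= now - self.window:   # drop attempts outside the window
            q.popleft()
        return q

    def record_failure(self, username: str, client_ip: str, now: float) -> None:
        for key in (f"user:{username}", f"ip:{client_ip}"):
            self._prune(key, now).append(now)

    def clear(self, username: str) -> None:
        """A successful login resets the per-user counter (the IP counter keeps
        its history so a credential-stuffing source is still slowed down)."""
        self._failures.pop(f"user:{username}", None)

    def retry_after(self, username: str, client_ip: str, now: float) -> int:
        """Seconds until the caller may try again; 0 when not blocked."""
        wait = 0
        for key in (f"user:{username}", f"ip:{client_ip}"):
            q = self._prune(key, now)
            if len(q) >= self.max_failures:
                wait = max(wait, int(q[0] + self.window - now) + 1)
        return wait


def error_body(status: int, error: str, message: str, path: str, now: float) -> dict:
    """Same shape as the 400/401/409 bodies documented on this page."""
    ts = datetime.fromtimestamp(now, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {"timestamp": ts, "status": status, "error": error, "message": message, "path": path}


def handle_login(limiter: FailedLoginLimiter, username: str, password: str, client_ip: str,
                 check_credentials: Callable[[str, str], bool],
                 now: Optional[float] = None) -> Tuple[int, dict]:
    """Return (status, body). check_credentials is the real verifier (password hash
    comparison); it is injected here so the example runs offline."""
    now = time.time() if now is None else now
    wait = limiter.retry_after(username, client_ip, now)
    if wait:
        return 429, error_body(429, "Too Many Requests",
                               f"Too many failed login attempts, retry in {wait}s", LOGIN_PATH, now)
    if not check_credentials(username, password):
        limiter.record_failure(username, client_ip, now)
        # One message for both unknown user and wrong password, as the page
        # documents, so the endpoint does not reveal which usernames exist.
        return 401, error_body(401, "Unauthorized", "Invalid username or password", LOGIN_PATH, now)
    limiter.clear(username)
    return 200, {"message": "ok"}   # the real service returns the token body here
```

Keying on both username and client IP covers the two common failure patterns: many passwords against one account, and one password sprayed across many accounts from a single source.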
- User API - Manage user profiles
- Trip API - Create and manage trips
- Getting Started Guide - Full workflow examples
Welcome to the Trip Tracker Backend API documentation! This wiki provides comprehensive information about all available REST APIs in the system.
- API Overview - Introduction to the API architecture and general concepts
- Getting Started - Quick start guide with examples
- Authentication - How to authenticate and obtain JWT tokens
- User API - User management endpoints
- Trip API - Trip creation, updates, and queries
- Trip Plan API - Trip planning and route management
- Comment API - Comments and reactions on trips
- Trip Update API - Location updates and tracking
- API Response Formats - Common response structures and error handling
- Security & Authorization - Authentication, roles, and permissions
The Trip Tracker Backend follows a CQRS (Command Query Responsibility Segregation) architecture with three main services:
| Service | Port | Purpose | Base Path |
|---|---|---|---|
| tracker-auth | 8083 | Authentication & user registration | /api/1/auth |
| tracker-command | 8081 | Write operations (Create, Update, Delete) | /api/1 |
| tracker-query | 8082 | Read operations (Queries) | /api/1 |
All API endpoints (except registration and login) require JWT authentication. Include the token in the Authorization header:
```
Authorization: Bearer <your-jwt-token>
```
Get your token by calling the Login endpoint.
Here's a quick example to get you started:

```bash
# 1. Register a new user
curl -X POST http://localhost:8083/api/1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"username":"john","password":"secret123"}'

# 2. Use the returned token to create a trip
curl -X POST http://localhost:8081/api/1/trips \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Camino","visibility":"PUBLIC"}'

# 3. Query your trips
curl -X GET http://localhost:8082/api/1/trips/me \
  -H "Authorization: Bearer <your-token>"
```

For interactive API documentation with try-it-out functionality, access the Swagger UI:
- Auth Service: http://localhost:8083/swagger-ui.html
- Command Service: http://localhost:8081/swagger-ui.html
- Query Service: http://localhost:8082/swagger-ui.html
For issues, questions, or contributions:
- GitHub Issues: Report a bug or request a feature
- Source Code: View on GitHub
Ready to get started? Check out the Getting Started Guide!