POST /api/v1/auth/sign_in
Authenticate with email and password. Returns JWT access + refresh tokens.
Request
POST /api/v1/auth/sign_in
Content-Type: application/json
{
"email": "user@example.com",
"password": "secret123"
}
Response 200
{
"success": true,
"status": "200",
"message": "Signed in successfully",
"errors": null,
"data": {
"user": {
"id": "uuid",
"email": "user@example.com",
"phone": "+37369000000",
"role": "client",
"confirmed_at": null
},
"access_token": "<jwt>",
"refresh_token": "<jwt>",
"expires_at": "2026-04-06T12:15:00Z"
}
}
Response 401 — Invalid credentials
{
"success": false,
"status": "401",
"message": "Invalid credentials",
"errors": null,
"data": null
}
Token Lifetimes
| Token | TTL |
|---|---|
access_token | 15 minutes |
refresh_token | 30 days |
Use access_token in the header:
Authorization: Bearer <access_token>