Auth
APIs for authentication
Sign In
POST
http://localhost:7002/api/auth/signin
access token and refresh token* Currently, the api is using
http and it does have vulnerability of sending plain password, but it will soon be updated to https.*
access tokens will be expired 10 minutes after they are issued.*
refresh tokens will be expired 2 weeks after they are issued.Body Parameters
| Field | Type | Description |
|---|---|---|
|
id required |
string |
ID |
|
pw required |
string |
(plain) password |
Success
200 : Success
Fail
400 : Bad Request
- Either one of id or pw is not included in the request.
- id is not registered.
- id and pw are not matching.
ID Duplication Check
GET
http://localhost:7002/api/auth/id-duplicate-check
id is duplicated or notQuery Parameters
| Field | Type | Description |
|---|---|---|
|
id required |
string |
ID |
Success
200 : Success
id is not duplicated(good to use)
Fail
400 : Bad Request
id is duplicated(not good to use)
Sign Up
POST
http://localhost:7002/api/auth/signup
Body Parameters
| Field | Type | Description |
|---|---|---|
|
id required |
string |
ID |
|
pw required |
string |
(plain) Password |
|
nickname required |
string |
Nickname |
|
required |
string |
|
|
age required |
int |
Age |
Success
200 : Success
New account has been successfully created.
Fail
400 : Bad Request
- Either one of id, pw, nickname, email or age is not included in the request or not a proper type.
- id already registered(duplicated id)
Refresh Token
GET
http://localhost:7002/api/auth/refresh
refresh tokenHeaders
| Field | Type | Description |
|---|---|---|
|
x-access-token required |
string |
(expired) access token |
|
x-refresh-token required |
string |
refresh token |
Success
200 : Success
Fail
401 : Unauthorized
- x-access-token or x-refresh-token is not provided.
- x-access-token or x-refresh-token is not valid(not issued by the server, or modified).
- x-refresh-token is banned.
- x-access-token and x-refresh-token are not matching.