Authentication
WAFlow uses session-based authentication. After a successful login, a session cookie is set that must be included in all subsequent API requests.
Register User
Create a new user account.
POST /api/auth/register
Request Body:
{
"email": "[email protected]",
"password": "password123",
"name": "John Doe"
}
Response:
{
"success": true,
"message": "User created successfully",
"user": {
"id": 1,
"email": "[email protected]",
"name": "John Doe",
"createdAt": "2025-01-01T00:00:00.000Z"
}
}
cURL Example:
curl -X POST "https://waflow.edesy.in/api/auth/register" \
-H "Content-Type: application/json" \
-d '{
"email": "[email protected]",
"password": "password123",
"name": "John Doe"
}'
Login User
Authenticate and create a session.
POST /api/auth/login
Request Body:
{
"email": "[email protected]",
"password": "password123"
}
Response:
{
"success": true,
"message": "Login successful",
"user": {
"id": 1,
"email": "[email protected]",
"name": "John Doe"
}
}
cURL Example:
curl -X POST "https://waflow.edesy.in/api/auth/login" \
-H "Content-Type: application/json" \
-c cookies.txt \
-d '{
"email": "[email protected]",
"password": "password123"
}'
Note: The
-c cookies.txtflag saves the session cookie for use in subsequent requests.
JavaScript Example:
const response = await fetch('https://waflow.edesy.in/api/auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
credentials: 'include',
body: JSON.stringify({
email: '[email protected]',
password: 'password123'
})
});
const data = await response.json();
console.log(data);
Get Current User
Get information about the currently authenticated user.
GET /api/auth/me
Response:
{
"id": 1,
"email": "[email protected]",
"name": "John Doe",
"createdAt": "2025-01-01T00:00:00.000Z"
}
cURL Example:
curl -X GET "https://waflow.edesy.in/api/auth/me" \
-H "Content-Type: application/json" \
-b cookies.txt
Logout User
End the current user session.
POST /api/auth/logout
Response:
{
"success": true,
"message": "Logged out successfully"
}
cURL Example:
curl -X POST "https://waflow.edesy.in/api/auth/logout" \
-H "Content-Type: application/json" \
-b cookies.txt
Authentication Flow
- Register - Create a new user account (if needed)
- Login - Authenticate to get a session cookie
- Include Cookie - Session cookie is automatically included in browser requests
- API Requests - Use authenticated endpoints with the session
Session Management
- Sessions expire after 24 hours of inactivity
- Sessions are invalidated on logout
- Multiple sessions per user are supported
- For server-to-server integrations, consider using API keys (coming soon)
Error Responses
Invalid Credentials (401):
{
"success": false,
"error": {
"code": "INVALID_CREDENTIALS",
"message": "Invalid email or password"
}
}
Session Expired (401):
{
"success": false,
"error": {
"code": "SESSION_EXPIRED",
"message": "Your session has expired. Please login again."
}
}
Email Already Exists (400):
{
"success": false,
"error": {
"code": "EMAIL_EXISTS",
"message": "An account with this email already exists"
}
}