Authentication

WAFlow uses session-based authentication. After a successful login, a session cookie is set that must be included in all subsequent API requests.

Register User

Create a new user account.

POST /api/auth/register

Request Body:

{
  "email": "[email protected]",
  "password": "password123",
  "name": "John Doe"
}

Response:

{
  "success": true,
  "message": "User created successfully",
  "user": {
    "id": 1,
    "email": "[email protected]",
    "name": "John Doe",
    "createdAt": "2025-01-01T00:00:00.000Z"
  }
}

cURL Example:

curl -X POST "https://waflow.edesy.in/api/auth/register" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "password123",
    "name": "John Doe"
  }'

Login User

Authenticate and create a session.

POST /api/auth/login

Request Body:

{
  "email": "[email protected]",
  "password": "password123"
}

Response:

{
  "success": true,
  "message": "Login successful",
  "user": {
    "id": 1,
    "email": "[email protected]",
    "name": "John Doe"
  }
}

cURL Example:

curl -X POST "https://waflow.edesy.in/api/auth/login" \
  -H "Content-Type: application/json" \
  -c cookies.txt \
  -d '{
    "email": "[email protected]",
    "password": "password123"
  }'

Note: The -c cookies.txt flag saves the session cookie for use in subsequent requests.

JavaScript Example:

const response = await fetch('https://waflow.edesy.in/api/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  credentials: 'include',
  body: JSON.stringify({
    email: '[email protected]',
    password: 'password123'
  })
});

const data = await response.json();
console.log(data);

Get Current User

Get information about the currently authenticated user.

GET /api/auth/me

Response:

{
  "id": 1,
  "email": "[email protected]",
  "name": "John Doe",
  "createdAt": "2025-01-01T00:00:00.000Z"
}

cURL Example:

curl -X GET "https://waflow.edesy.in/api/auth/me" \
  -H "Content-Type: application/json" \
  -b cookies.txt

Logout User

End the current user session.

POST /api/auth/logout

Response:

{
  "success": true,
  "message": "Logged out successfully"
}

cURL Example:

curl -X POST "https://waflow.edesy.in/api/auth/logout" \
  -H "Content-Type: application/json" \
  -b cookies.txt

Authentication Flow

1. Register - Create a new user account (if needed)
2. Login - Authenticate to get a session cookie
3. Include Cookie - Session cookie is automatically included in browser requests
4. API Requests - Use authenticated endpoints with the session

Session Management

• Sessions expire after 24 hours of inactivity
• Sessions are invalidated on logout
• Multiple sessions per user are supported
• For server-to-server integrations, consider using API keys (coming soon)

Error Responses

Invalid Credentials (401):

{
  "success": false,
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid email or password"
  }
}

Session Expired (401):

{
  "success": false,
  "error": {
    "code": "SESSION_EXPIRED",
    "message": "Your session has expired. Please login again."
  }
}

Email Already Exists (400):

{
  "success": false,
  "error": {
    "code": "EMAIL_EXISTS",
    "message": "An account with this email already exists"
  }
}