OnlyUp

  • Getting Started

Getting Started

Authenticate

Registered users can log in by sending their username and password, and receive a valid Token to use other APIs. This Token has a specific expiration time and must be renewed after it expires.

Request

curl --location 'api.onlyup.ir/api/v1/auth/login' \
--header 'Content-Type: application/json' \
--data-raw '{
  "identifier": "r.rahiminia1@gmail.com",
  "password": "Reza12345678"
}'

Response

{
    "statusCode": 200,
    "message": "User logged in succesfully",
    "data": {
        "user": {
            "user_id": 7,
            "name": "ramin",
            "username": "rahiminia1",
            "email": "r.rahiminia1@gmail.com",
            "created_at": "2025-07-13T10:54:22.000Z",
            "deleted_at": null
        },
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjcsImlhdCI6MTc1NTk0MTM1NSwiZXhwIjoxNzg3NDc3MzU1fQ.13t1cydpD80PRK4CGa2ij6l_Oe9NLgdhgGf94_Ouq-E"
    }
}

Parameters

NameTypeRequiredDescription
identifierstringYesUser's email or username
passwordstringYesUser's password
tokenstringNoJWT token for authenticated requests

Response Fields

NameTypeDescription
statusCodenumberHTTP status code of the response
messagestringMessage indicating the result of the login attempt
dataobjectContains user information and token
userobjectContains user details
user_idnumberUnique identifier for the user
namestringUser's full name
usernamestringUser's username
emailstringUser's email address
created_atstringTimestamp of when the user was created
deleted_atstringTimestamp of when the user was deleted (null if not deleted)
tokenstringJWT token for authenticated requests

Responses

CodeDescription
200User logged in successfully
400Bad request, invalid credentials
401Unauthorized, invalid credentials
404Not found, user does not exist

Notes

  • The identifier can be either the user's email or username.
  • The token returned in the response is a JWT (JSON Web Token) that must be included in the headers of subsequent API requests to access protected resources.
  • The token has an expiration time, after which it must be renewed by logging in again.
  • Ensure that the password is stored securely and not logged or exposed in any way.
  • Always use HTTPS to protect sensitive information during transmission.
Edit this page on GitHub

OnlyUp