login and refresh are public. logout and me only accept JWT access tokens.

Login

POST /api/v1/auth/login
Real responses are wrapped in data and include:
  • accessToken
  • refreshToken
  • accessTokenExpiresAtUtc
  • refreshTokenExpiresAtUtc
  • user
The serialized role values are superAdmin, admin, and user.

Refresh

POST /api/v1/auth/refresh
Returns the same structure as login.
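
An added example, not part of the original API documentation: a Python client-side check that unwraps the data envelope returned by login and refresh, validates the listed fields and role values, and decides whether the next call can use the access token, needs a refresh, or needs a new login. The user.role field name, the ISO 8601 timestamp format, the 30-second skew and the helper names are assumptions.

```python
from datetime import datetime, timedelta, timezone

REQUIRED = ("accessToken", "refreshToken", "accessTokenExpiresAtUtc",
            "refreshTokenExpiresAtUtc", "user")
ROLES = {"superAdmin", "admin", "user"}  # serialized role values listed above


def parse_utc(value):
    # Assumption: ISO 8601 timestamps; a value without an offset is taken as UTC.
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def parse_auth_response(body):
    """Unwrap the `data` envelope and validate a login/refresh response."""
    data = body.get("data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        raise ValueError("response is not wrapped in 'data'")
    missing = [k for k in REQUIRED if k not in data]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    user = data["user"]
    # Assumption: the role is serialized at user.role.
    role = user.get("role") if isinstance(user, dict) else None
    if role not in ROLES:
        raise ValueError(f"unexpected role: {role!r}")
    return {
        "access_token": data["accessToken"],
        "refresh_token": data["refreshToken"],
        "access_expires": parse_utc(data["accessTokenExpiresAtUtc"]),
        "refresh_expires": parse_utc(data["refreshTokenExpiresAtUtc"]),
        "role": role,
    }


def next_action(session, now, skew=timedelta(seconds=30)):
    """Decide which endpoint the client needs before its next API call."""
    if now + skew < session["access_expires"]:
        return "use_access_token"
    if now + skew < session["refresh_expires"]:
        return "refresh"  # POST /api/v1/auth/refresh
    return "login"        # POST /api/v1/auth/login


# Constructed sample response (placeholder tokens, not captured from a server).
SAMPLE = {"data": {
    "accessToken": "access-placeholder", "refreshToken": "refresh-placeholder",
    "accessTokenExpiresAtUtc": "2030-01-01T00:15:00Z",
    "refreshTokenExpiresAtUtc": "2030-01-08T00:00:00Z",
    "user": {"role": "admin"}}}
```

Rejecting a role outside the three documented values keeps a client from silently treating an unknown role as privileged or unprivileged.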

Logout

POST /api/v1/auth/logout
Authorization: Bearer <access_token>
Returns 204 No Content.

Current user

GET /api/v1/auth/me
Authorization: Bearer <access_token>

System bootstrap

GET /api/v1/system/bootstrap
Returns:
  • apiKeyRequired
  • maxUploadSizeBytes
  • allowedContentTypes
This endpoint reports runtime configuration only. It does not confirm whether the bootstrap SuperAdmin exists.