Authentication
Sign up
POST /auth/signup
Content-Type: application/json
{
"email": "[email protected]",
"password": "your-password",
"displayName": "Your Name"
}Returns:
{
"token": "eyJ...",
"userId": "01KS...",
"email": "[email protected]",
"organizations": []
}Log in
POST /auth/login
Content-Type: application/json
{
"email": "[email protected]",
"password": "your-password"
}Returns the same shape as signup, with organizations populated if the user belongs to any.
Using the token
Include the token and organization ID in all authenticated requests:
curl https://api.pasera.app/brand/products \
-H "Authorization: Bearer eyJ..." \
-H "X-Organization-Id: 01KS..."Tokens expire after 7 days. Re-authenticate to get a new token.
Magic link
Send a passwordless login link to an email:
POST /auth/magic-link
Content-Type: application/json
{ "email": "[email protected]" }The user receives an email with a link containing a token. Verify the token:
POST /auth/magic-link/verify
Content-Type: application/json
{ "token": "abc123..." }Returns the same shape as login.
Google OAuth
- Get the Google auth URL:
GET /auth/google/url?redirect_uri=https://pasera.app/auth/callbackReturns { "url": "https://accounts.google.com/o/oauth2/v2/auth?..." }
- Redirect the user to the URL. After Google auth, exchange the code:
POST /auth/google/callback
Content-Type: application/json
{
"code": "4/0AX4...",
"redirect_uri": "https://pasera.app/auth/callback"
}The Google JWT is verified against Google’s JWKS endpoint. Returns the same shape as login.