API ReferenceAuthentication

Authentication

Sign up

POST /auth/signup
Content-Type: application/json
 
{
  "email": "[email protected]",
  "password": "your-password",
  "displayName": "Your Name"
}

Returns:

{
  "token": "eyJ...",
  "userId": "01KS...",
  "email": "[email protected]",
  "organizations": []
}

Log in

POST /auth/login
Content-Type: application/json
 
{
  "email": "[email protected]",
  "password": "your-password"
}

Returns the same shape as signup, with organizations populated if the user belongs to any.

Using the token

Include the token and organization ID in all authenticated requests:

curl https://api.pasera.app/brand/products \
  -H "Authorization: Bearer eyJ..." \
  -H "X-Organization-Id: 01KS..."

Tokens expire after 7 days. Re-authenticate to get a new token.

Send a passwordless login link to an email:

POST /auth/magic-link
Content-Type: application/json
 
{ "email": "[email protected]" }

The user receives an email with a link containing a token. Verify the token:

POST /auth/magic-link/verify
Content-Type: application/json
 
{ "token": "abc123..." }

Returns the same shape as login.

Google OAuth

  1. Get the Google auth URL:
GET /auth/google/url?redirect_uri=https://pasera.app/auth/callback

Returns { "url": "https://accounts.google.com/o/oauth2/v2/auth?..." }

  1. Redirect the user to the URL. After Google auth, exchange the code:
POST /auth/google/callback
Content-Type: application/json
 
{
  "code": "4/0AX4...",
  "redirect_uri": "https://pasera.app/auth/callback"
}

The Google JWT is verified against Google’s JWKS endpoint. Returns the same shape as login.