Authentication Endpoints

Detailed Health Status

get

Per-component health status for debugging and monitoring dashboards.

Response format matches fabric-subscription /health/status. Each component reports "ok" or an error message string.

Authorizations
Authorization · string · Required

JWT token for user authentication. Include as: Authorization: Bearer

Responses
200 Success
application/json

GET /v1/auth/health/status/ — per-component health.

status · string · Required

'healthy' or 'unhealthy'

get
/v1/auth/health/

Basic Authentication Login

post

Authenticate user with email/phone and password to obtain access tokens

Authentication Flow:

  1. User provides identifier (email/phone) and password

  2. System validates credentials

  3. Returns JWT access and refresh tokens

  4. User can use access token for authenticated requests

Security Features:

  • Password hashing and validation

  • Account lockout after failed attempts

  • JWT token expiration

  • Refresh token for token renewal

Token Usage:

  • Access Token: Include in Authorization header for API calls

  • Refresh Token: Use to get new access token when expired

Prerequisites:

  • User account must be verified

  • Valid email/phone and password combination

Use Cases:

  • Web application user login

  • Mobile app authentication

  • API access for authenticated users

  • E-commerce platform customer login

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
identifier · string · min: 1 · max: 100 · Required

Email or Phone number

password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

Responses
200

Login successful

application/json
access · string · jwt · Required

JWT access token for API authentication

refresh · string · jwt · Required

JWT refresh token for token renewal

post
/v1/auth/login/basic/

Passwordless Login

post

Initiate passwordless login by sending OTP or verification link

Process:

  1. User provides email/phone number

  2. System sends OTP or verification link

  3. User enters OTP or clicks link

  4. System authenticates user and returns tokens

Benefits:

  • No password required

  • Enhanced security through time-based codes

  • Reduced password management overhead

Security:

  • Rate limiting prevents abuse

  • OTP expiration for security

  • One-time use codes

Use Cases:

  • Password-free authentication for mobile apps

  • Quick login for returning users

  • Enhanced security for sensitive applications

  • Corporate SSO integration

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
method · string · enum · Optional

Method to send message

Possible values:
  • email - email
  • sms - sms
Default: email

verification_type · string · enum · Optional

OTP or Link

Possible values:
  • otp - otp
  • link - link
Default: otp

identifier · string · min: 1 · max: 100 · Required

Email or Phone number

Responses
200

Login OTP/link sent successfully

application/json
message · string · Required

Confirmation message

post
/v1/auth/login/passwordless/

Confirm Passwordless Login

post

Complete passwordless login by verifying OTP or link

Process:

  1. User provides identifier and verification code

  2. System validates OTP/link

  3. Authenticates user and returns JWT tokens

  4. User can now access protected resources

Security:

  • OTP validation with expiration check

  • One-time use verification codes

  • Rate limiting on verification attempts

Use Cases:

  • Completing passwordless login flow

  • Two-factor authentication verification

  • Temporary access code validation

  • Guest user authentication

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
identifier · string · min: 1 · max: 100 · Required

Email or Phone number

code · string · min: 1 · Required

Verification code received

Responses
200

Login successful

application/json
access · string · jwt · Required

JWT access token for API authentication

refresh · string · jwt · Required

JWT refresh token for token renewal

post
/v1/auth/login/passwordless/confirm/
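The two passwordless endpoints above (initiate and confirm) list three properties for the code: it expires, it works once, and verification attempts are rate limited. The service below is an added example of how a server can enforce all three; it is not the API's own code. The in-memory store, the 5-minute lifetime, the 6-digit code and the 5-attempt budget are assumptions; only an HMAC of the code is kept, so a leaked store does not reveal live codes.

```python
"""OTP lifecycle for the passwordless login endpoints (added example, not the API's code)."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Tuple

OTP_TTL_SECONDS = 300   # assumed expiry window
MAX_ATTEMPTS = 5        # assumed number of wrong guesses tolerated per issued code
OTP_DIGITS = 6          # assumed code length


@dataclass
class PendingOtp:
    digest: bytes        # HMAC(server_key, salt || identifier || code); plaintext is never stored
    salt: bytes
    expires_at: float
    attempts: int = 0    # wrong guesses so far


class OtpService:
    def __init__(self, server_key: bytes, clock=time.time):
        self._key = server_key
        self._clock = clock                       # injectable so tests can move time forward
        self._pending: Dict[str, PendingOtp] = {}

    def _digest(self, identifier: str, code: str, salt: bytes) -> bytes:
        msg = salt + identifier.encode() + b"\x00" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, identifier: str) -> str:
        """Create a fresh code for `identifier`, replacing any unconsumed one.

        The returned code goes to the email/SMS sender only; the HTTP response
        for the initiate step is just a confirmation message.
        """
        code = "".join(str(secrets.randbelow(10)) for _ in range(OTP_DIGITS))
        salt = secrets.token_bytes(16)
        self._pending[identifier] = PendingOtp(
            digest=self._digest(identifier, code, salt),
            salt=salt,
            expires_at=self._clock() + OTP_TTL_SECONDS,
        )
        return code

    def verify(self, identifier: str, code: str) -> Tuple[bool, str]:
        """Return (accepted, reason). The entry is removed on success, expiry or exhaustion."""
        entry = self._pending.get(identifier)
        if entry is None:
            return False, "no_pending_code"
        if self._clock() > entry.expires_at:
            del self._pending[identifier]
            return False, "expired"
        if entry.attempts >= MAX_ATTEMPTS:
            del self._pending[identifier]          # budget spent: the code is dead even if now correct
            return False, "too_many_attempts"
        expected = self._digest(identifier, code, entry.salt)
        if not hmac.compare_digest(entry.digest, expected):
            entry.attempts += 1
            return False, "invalid_code"
        del self._pending[identifier]              # one-time use
        return True, "ok"
```

The `reason` string is for server-side logging and metrics; the HTTP response for a failed confirm should stay generic so the confirm endpoint does not tell a caller which of the three checks failed.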

Ethereum Wallet Authentication

post

Authenticate user using Ethereum wallet signature verification

Process:

  1. User provides wallet address, message, and signature

  2. System verifies signature using Ethereum cryptography

  3. Creates or retrieves user account

  4. Returns JWT access and refresh tokens

Security Features:

  • Cryptographic signature verification

  • Nonce-based replay protection

  • Wallet address validation

  • Automatic user creation for new wallets

Message Format: The message to sign follows this format:

  Welcome to BlockAuth!

  Please sign this message to authenticate with your wallet.

  Wallet Address: {wallet_address}
  Nonce: {nonce}
  Timestamp: {timestamp}

  This signature will be used to authenticate your account.

Prerequisites:

  • Valid Ethereum wallet address

  • Properly signed message with correct format

  • Valid signature that matches the wallet address

Use Cases:

  • DeFi application user authentication

  • NFT marketplace user access

  • Web3 gaming platform login

  • Decentralized application (dApp) login

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
wallet_address · string · min: 1 · max: 42 · Required

Ethereum wallet address (0x...)

message · string · min: 1 · Required

Message that was signed by the wallet user.

signature · string · min: 1 · max: 132 · Required

Ethereum signature (0x-prefixed, 130 hex chars, e.g. 0x1234...)

Responses
200

Wallet authentication successful

application/json
access · string · jwt · Required

JWT access token for API authentication

refresh · string · jwt · Required

JWT refresh token for token renewal

post
/v1/auth/login/wallet/
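The wallet endpoint lists signature verification, nonce-based replay protection and wallet address validation. The code below is an added example of the server-side checks that surround the signature step; it is not BlockAuth's code. It validates the two field formats (the 42- and 132-character limits above), parses the message against the stated template, checks that the address in the message matches the submitted one, rejects stale timestamps and burns each nonce exactly once. Recovering the signer from the signature is delegated to a caller-supplied `recover_signer(message, signature)` function, which is an assumption: an Ethereum library is plugged in there. The exact line layout of the template, the Unix-seconds timestamp and the freshness windows are also assumptions.

```python
"""Server-side checks for the wallet login request (added example, not BlockAuth's code)."""
import re
import secrets
import time
from typing import Optional, Tuple

ADDRESS_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")      # 0x + 40 hex digits = 42 chars
SIGNATURE_RE = re.compile(r"^0x[0-9a-fA-F]{130}$")   # 0x + 130 hex digits = 132 chars
MAX_AGE_SECONDS = 300                                # assumed freshness window
CLOCK_SKEW_SECONDS = 60                              # assumed tolerance for future timestamps

MESSAGE_TEMPLATE = (                                 # layout assumed from the description
    "Welcome to BlockAuth!\n\n"
    "Please sign this message to authenticate with your wallet.\n\n"
    "Wallet Address: {wallet_address}\n"
    "Nonce: {nonce}\n"
    "Timestamp: {timestamp}\n\n"
    "This signature will be used to authenticate your account."
)
_FIELD_PATTERNS = {
    "wallet_address": r"0x[0-9a-fA-F]{40}",
    "nonce": r"[0-9a-f]{32}",       # matches NonceStore.issue below
    "timestamp": r"[0-9]+",         # Unix seconds (assumption)
}


def _template_regex():
    """Anchored regex from the template: literal text escaped, fields become named groups."""
    parts = re.split(r"\{(\w+)\}", MESSAGE_TEMPLATE)   # literal, field, literal, field, ...
    out = []
    for i, part in enumerate(parts):
        out.append(re.escape(part) if i % 2 == 0 else f"(?P<{part}>{_FIELD_PATTERNS[part]})")
    return re.compile("^" + "".join(out) + "$")


MESSAGE_RE = _template_regex()


class NonceStore:
    """Issues random nonces and lets each one be consumed exactly once."""
    def __init__(self):
        self._unused = set()

    def issue(self) -> str:
        nonce = secrets.token_hex(16)
        self._unused.add(nonce)
        return nonce

    def consume(self, nonce: str) -> bool:
        if nonce not in self._unused:
            return False
        self._unused.remove(nonce)
        return True


def build_message(wallet_address: str, nonce: str, timestamp: int) -> str:
    return MESSAGE_TEMPLATE.format(wallet_address=wallet_address, nonce=nonce, timestamp=timestamp)


def parse_message(message: str) -> Optional[dict]:
    """Return the three fields only when the message matches the template exactly."""
    m = MESSAGE_RE.match(message)
    return m.groupdict() if m else None


def validate_wallet_login(wallet_address, message, signature, nonces, recover_signer,
                          now=None) -> Tuple[bool, str]:
    """Cheap format checks first, then the signature, then the nonce is burned."""
    if not ADDRESS_RE.match(wallet_address):
        return False, "bad_address_format"
    if not SIGNATURE_RE.match(signature):
        return False, "bad_signature_format"
    fields = parse_message(message)
    if fields is None:
        return False, "bad_message_format"
    if fields["wallet_address"].lower() != wallet_address.lower():
        return False, "address_mismatch"
    now = time.time() if now is None else now
    age = now - int(fields["timestamp"])
    if age > MAX_AGE_SECONDS or age < -CLOCK_SKEW_SECONDS:
        return False, "stale_timestamp"
    signer = recover_signer(message, signature)      # assumed hook for an Ethereum library
    if signer is None or signer.lower() != wallet_address.lower():
        return False, "signature_mismatch"
    if not nonces.consume(fields["nonce"]):          # a replayed message fails here
        return False, "nonce_reused_or_unknown"
    return True, "ok"
```

The nonce is consumed only after the signature verifies, so a forged request cannot burn a nonce that a legitimate wallet is about to use; a replay of a genuine request still fails because its nonce is already gone.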

Get Current User Profile

get

Retrieve the complete profile information for the currently authenticated user. This endpoint requires a valid JWT access token in the Authorization header.

Authentication: Required (Bearer token)

Profile Information:

  • Basic user details (ID, email, name)

  • Account status (verification, online status)

  • Profile data (birth date, bio)

  • Authentication methods used

  • Account creation and last login timestamps

Use Cases:

  • Display user profile in frontend applications

  • Verify user authentication status

  • Retrieve user preferences and settings

  • Check account verification status

Authorizations
Authorization · string · Required

JWT token for user authentication. Include as: Authorization: Bearer

Responses
200 Success
application/json

Serializer for the /me endpoint response. Matches the user profile fields returned by MeView.

id · string · uuid · Required
email · string · email · Required
first_name · string · nullable · Optional
last_name · string · nullable · Optional
date_joined · string · date-time · Required
is_online · boolean · Required
date_of_birth · string · date · nullable · Optional
bio · string · nullable · Optional
authentication_type · string · nullable · Optional
is_verified · boolean · nullable · Optional
wallet_address · string · nullable · Optional
get
/v1/auth/me/

Change Password

post

Change password for authenticated user.

Process:

  1. User provides old password, new password, and confirmation

  2. System validates old password and password confirmation

  3. Updates to new password

  4. Invalidates all existing sessions

Security:

  • Requires old password verification

  • Password strength validation

  • Password confirmation matching

  • Session invalidation for security

  • Rate limiting on attempts

Authentication Required:

  • Valid JWT access token in Authorization header

Use Cases:

  • Proactive password security updates

  • Regular password rotation compliance

  • Account security enhancement

  • Password policy enforcement

Authorizations
Authorization · string · Required

JWT token for user authentication. Include as: Authorization: Bearer

Body
old_password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

new_password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

confirm_password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

Responses
200

Password changed successfully

application/json
message · string · Required

Success message

post
/v1/auth/password/change/
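The password fields on this endpoint (and on reset confirm and signup) state the same rules: 8-128 characters; at least one uppercase letter, one lowercase letter, one digit and one symbol from !@#$%^&*; not too similar to the user's personal information; not a common password. The change and reset bodies additionally require the confirmation to match. The validator below is an added example that implements those rules; it is not the API's own validator code. The similarity test mirrors Django's UserAttributeSimilarityValidator (difflib quick_ratio at 0.7), which is an assumption about how the API is configured, and the common-password list is a short constructed sample.

```python
"""Password policy checks for the password fields above (added example, not the API's validators)."""
import re
from difflib import SequenceMatcher
from typing import Dict, Iterable, List

SYMBOLS = frozenset("!@#$%^&*")                 # the symbol set named in the field description
SIMILARITY_THRESHOLD = 0.7                      # Django's default max_similarity (assumption)
COMMON_PASSWORDS = frozenset({"password", "password1", "qwerty123", "letmein"})  # constructed sample


def _similar_to(password: str, attribute: str) -> bool:
    """Compare against the whole attribute and each word in it, as Django does."""
    pw = password.lower()
    for part in re.split(r"\W+", attribute) + [attribute]:
        if part and SequenceMatcher(a=pw, b=part.lower()).quick_ratio() >= SIMILARITY_THRESHOLD:
            return True
    return False


def policy_errors(password: str, personal_info: Iterable[str] = (),
                  common=COMMON_PASSWORDS) -> List[str]:
    """Return the violated rules, in a fixed order; empty means the password is acceptable."""
    errors = []
    if not 8 <= len(password) <= 128:
        errors.append("length")
    if not any(c.isupper() for c in password):
        errors.append("uppercase")
    if not any(c.islower() for c in password):
        errors.append("lowercase")
    if not any(c.isdigit() for c in password):
        errors.append("digit")
    if not any(c in SYMBOLS for c in password):
        errors.append("symbol")
    if any(_similar_to(password, attr) for attr in personal_info if attr):
        errors.append("similar_to_personal_info")
    if password.lower() in common:
        errors.append("common")
    return errors


def validate_change_request(old_password: str, new_password: str, confirm_password: str,
                            personal_info: Iterable[str] = ()) -> Dict[str, List[str]]:
    """Field-level errors for the change-password body.

    Verifying that old_password is actually correct is done against the stored
    hash elsewhere; this only checks presence, policy and confirmation matching.
    """
    field_errors: Dict[str, List[str]] = {}
    if not old_password:
        field_errors["old_password"] = ["required"]
    new_errors = policy_errors(new_password, personal_info)
    if new_errors:
        field_errors["new_password"] = new_errors
    if confirm_password != new_password:
        field_errors["confirm_password"] = ["mismatch"]
    return field_errors
```

`personal_info` would be fed from the authenticated user's profile (email, first and last name), so the similarity rule can be applied on the change endpoint even though the request body carries no such fields.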

Request Password Reset

post

Initiate password reset process by sending OTP or reset link

Process:

  1. User provides email/phone number

  2. System validates user exists

  3. Sends OTP or reset link

  4. User completes reset via separate endpoint

Security:

  • Rate limiting prevents abuse

  • No indication of whether the user exists (prevents user enumeration)

  • Time-limited reset tokens

Use Cases:

  • User forgot password

  • Account compromise recovery

  • Password expiration notification

  • Security policy enforcement

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body

Validates format and checks account existence. Results stored internally — view returns identical response regardless of outcome to prevent user enumeration (OWASP).

method · string · enum · Optional

Method to send message

Possible values:
  • email - email
  • sms - sms
Default: email

verification_type · string · enum · Optional

OTP or Link

Possible values:
  • otp - otp
  • link - link
Default: otp

identifier · string · min: 1 · max: 100 · Required

Email or Phone number

Responses
200

Password reset initiated successfully

application/json
message · string · Required

Confirmation message

post
/v1/auth/password/reset/

Confirm Password Reset

post

Complete password reset by providing verification code, new password, and confirmation.

Process:

  1. User provides identifier, verification code, new password, and confirmation

  2. System validates code, password, and confirmation matching

  3. Updates user password

  4. Invalidates all existing sessions

Security:

  • Password strength validation

  • Password confirmation matching

  • Code expiration check

  • Session invalidation for security

Use Cases:

  • Completing forgotten password recovery

  • Account security restoration

  • Compromised account recovery

  • Password policy compliance

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
identifier · string · min: 1 · max: 100 · Required

Email or Phone number

code · string · min: 1 · Required

Verification code received

new_password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

confirm_password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

Responses
200

Password reset successful

application/json
message · string · Required

Success message

post
/v1/auth/password/reset/confirm/

User Registration

post

Create a new user account with email/phone verification (Basic Signup).

Process:

  1. User provides email/phone and password

  2. System validates input data

  3. Creates user account (unverified)

  4. Sends OTP or verification link

  5. User completes verification via separate endpoint

Verification Methods:

  • OTP: Time-based one-time password sent via email/SMS

  • Link: Verification link sent via email

Security:

  • Password is hashed using Django's secure hashing

  • Rate limiting applied to prevent abuse

  • Email/phone validation before account creation

Prerequisites:

  • Valid email address or phone number

  • Strong password (minimum 8 characters)

  • Unique identifier (email/phone not already registered)

Use Cases:

  • New user registration for web/mobile applications

  • Account creation for e-commerce platforms

  • User onboarding for SaaS applications

  • Community platform member registration

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
method · string · enum · Optional

Method to send message

Possible values:
  • email - email
  • sms - sms
Default: email

verification_type · string · enum · Optional

OTP or Link

Possible values:
  • otp - otp
  • link - link
Default: otp

identifier · string · min: 1 · max: 100 · Required

Email or Phone number

password · string · min: 1 · Write-only · Required

Password must be 8-128 characters and contain at least one uppercase letter, one lowercase letter, one number, and one symbol (!@#$%^&*).

Your password can’t be too similar to your other personal information.

Your password can’t be a commonly used password.

Responses
200

Registration initiated successfully

application/json
message · string · enum · Required

Confirmation message with verification method

Possible values:
post
/v1/auth/signup/

Confirm User Registration

post

Verify OTP or click verification link to complete user registration

Process:

  1. User provides identifier and verification code

  2. System validates OTP/link

  3. Marks user as verified

  4. User can now login to the system

Verification Types:

  • OTP: Numeric code sent via email/SMS

  • Link: URL-based verification (handled separately)

Security:

  • OTP has expiration time

  • One-time use only

  • Rate limiting on attempts

  • CSRF protection for link verification

Use Cases:

  • Completing email verification after signup

  • Phone number verification for SMS-based auth

  • Account activation after registration

  • Two-factor authentication setup

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
identifier · string · min: 1 · max: 100 · Required

Email or Phone number

code · string · min: 1 · Required

Verification code received

Responses
200

Registration confirmed successfully

application/json
message · string · Required

Success confirmation message

post
/v1/auth/signup/confirm/

Resend Verification OTP/Link

post

Resend OTP or verification link for signup confirmation or wallet email verification.

Rate Limiting:

  • Prevents abuse and spam

  • Configurable wait time between requests

  • Different limits for signup vs wallet verification

Security:

  • Rate limiting prevents brute force attacks

  • Validates identifier format before sending

  • Logs all attempts for monitoring

Use Cases:

  • User didn't receive initial verification email/SMS

  • OTP expired and needs renewal

  • Wallet user adding email verification

  • Account recovery for unverified users

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body

Validates format and checks account state. Results stored internally — view returns identical response regardless of outcome to prevent user enumeration (OWASP).

method · string · enum · Optional

Method to send message

Possible values:
  • email - email
  • sms - sms
Default: email

verification_type · string · enum · Optional

OTP or Link

Possible values:
  • otp - otp
  • link - link
Default: otp

identifier · string · min: 1 · max: 100 · Required

Email or Phone number

Responses
200

Verification OTP/link sent successfully

application/json
message · string · Required

Confirmation message with verification method

post
/v1/auth/signup/otp/resend/
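Both the Request Password Reset and the Resend Verification endpoints note that the view returns an identical response regardless of what the identifier lookup finds, with the real result stored internally to prevent user enumeration. The handler below is an added example of that pattern; it is not the API's own view. Format validation and the per-identifier rate limit run before the account lookup, so known and unknown identifiers are treated alike, and the outcome is only visible in the internal audit record. The user directory, the sender, the response text and the 60-second cooldown are constructed stand-ins.

```python
"""Enumeration-safe handling of reset and resend requests (added example, not the API's view)."""
import re
import time
from typing import Callable, Iterable, List, Tuple

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")
COOLDOWN_SECONDS = 60       # assumed minimum interval between sends for one identifier
GENERIC_RESPONSE = {        # constructed text; the same body is returned for every outcome
    "message": "If an account matches this identifier, a verification code or link has been sent."
}


class EnumerationSafeHandler:
    def __init__(self, known_users: Iterable[str], send: Callable[[str], None], clock=time.time):
        self._users = {u.lower() for u in known_users}
        self._send = send                 # e.g. enqueue an email/SMS job; should run asynchronously
        self._clock = clock
        self._last_sent = {}
        self.audit: List[Tuple[str, str]] = []   # internal record of (identifier, outcome)

    def handle(self, identifier: str) -> dict:
        """Public entry point: the caller sees the same response whatever happened."""
        identifier = identifier.strip()
        outcome = self._process(identifier)
        self.audit.append((identifier, outcome))
        return dict(GENERIC_RESPONSE)

    def _process(self, identifier: str) -> str:
        if not (EMAIL_RE.match(identifier) or PHONE_RE.match(identifier)):
            return "invalid_format"
        key = identifier.lower()
        now = self._clock()
        last = self._last_sent.get(key)
        if last is not None and now - last < COOLDOWN_SECONDS:
            return "rate_limited"         # applied before the lookup, so it cannot reveal existence
        self._last_sent[key] = now
        if key not in self._users:
            return "unknown_user"
        self._send(identifier)
        return "sent"
```

Handing the actual delivery to a queue keeps response time independent of whether anything was sent, which closes the timing variant of the same leak. The audit list is where monitoring attaches: a burst of unknown_user or rate_limited outcomes from one client is the signal worth alerting on.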

Refresh Access Token

post

Get a new access token using a valid refresh token

Process:

  1. User provides valid refresh token

  2. System validates refresh token

  3. Returns new access and refresh tokens

  4. Old refresh token becomes invalid

Security:

  • Refresh tokens have longer expiration

  • Token rotation for enhanced security

  • Automatic invalidation of old tokens

Use Cases:

  • Access token expired during active session

  • Regular token rotation for security

  • Session renewal for long-running applications

  • Mobile app background token refresh

Authorizations
Authorization · string · Optional

JWT token for user authentication. Include as: Authorization: Bearer

Body
refresh · string · min: 1 · Required

Refresh token to get new access token

Responses
200

Token refreshed successfully

application/json
access · string · jwt · Required

New JWT access token

refresh · string · jwt · Required

New JWT refresh token

post
/v1/auth/token/refresh/
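The Basic Authentication Login section describes token usage (access token in the Authorization header, refresh token to obtain a new one) and this endpoint adds rotation: the old refresh token becomes invalid once used. The client below is an added example that handles both; it is not an official SDK for this API. It logs in through POST /v1/auth/login/basic/, sends the access token as `Authorization: Bearer` on later calls, and on a 401 exchanges the refresh token at POST /v1/auth/token/refresh/ and retries once, keeping the rotated pair. The transport is injectable; the default uses urllib from the standard library, and `FakeServer` is a constructed stand-in for the three endpoints so the flow can be exercised offline. The base URL and credentials are placeholders.

```python
"""Client-side token handling for the login and refresh endpoints (added example, not an SDK)."""
import json
import urllib.error
import urllib.request


def _decode(raw: bytes):
    try:
        return json.loads(raw) if raw else {}
    except ValueError:
        return {}


def urllib_transport(method, url, headers, body):
    """Send one JSON request; return (status, decoded body). Error statuses are returned, not raised."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={**headers, "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, _decode(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, _decode(err.read())


class AuthClient:
    def __init__(self, base_url, transport=urllib_transport):
        self.base_url = base_url.rstrip("/")
        self._send = transport
        self.access = None
        self.refresh = None

    def login(self, identifier, password):
        status, body = self._send("POST", self.base_url + "/v1/auth/login/basic/", {},
                                  {"identifier": identifier, "password": password})
        if status != 200:
            raise PermissionError(f"login failed with HTTP {status}")
        self.access, self.refresh = body["access"], body["refresh"]

    def refresh_tokens(self):
        status, body = self._send("POST", self.base_url + "/v1/auth/token/refresh/", {},
                                  {"refresh": self.refresh})
        if status != 200:
            self.access = self.refresh = None        # rotation failed: a full login is needed
            raise PermissionError("refresh token rejected; re-authentication required")
        self.access, self.refresh = body["access"], body["refresh"]   # keep the rotated pair

    def request(self, method, path, body=None):
        """Authenticated call with one transparent refresh-and-retry on 401."""
        headers = {"Authorization": f"Bearer {self.access}"}
        status, data = self._send(method, self.base_url + path, headers, body)
        if status == 401 and self.refresh:
            self.refresh_tokens()
            headers = {"Authorization": f"Bearer {self.access}"}
            status, data = self._send(method, self.base_url + path, headers, body)
        return status, data


class FakeServer:
    """Constructed in-memory stand-in for login, refresh (with rotation) and /me."""
    VALID_LOGIN = {"identifier": "alice@example.com", "password": "Correct#Horse9"}  # placeholder

    def __init__(self):
        self.counter = 0
        self.valid_access = set()
        self.valid_refresh = set()

    def _pair(self):
        self.counter += 1
        access, refresh = f"access{self.counter}", f"refresh{self.counter}"
        self.valid_access.add(access)
        self.valid_refresh.add(refresh)
        return {"access": access, "refresh": refresh}

    def __call__(self, method, url, headers, body):
        if url.endswith("/v1/auth/login/basic/"):
            return (200, self._pair()) if body == self.VALID_LOGIN else (401, {"detail": "bad credentials"})
        if url.endswith("/v1/auth/token/refresh/"):
            if body.get("refresh") not in self.valid_refresh:
                return 401, {"detail": "invalid refresh token"}
            self.valid_refresh.discard(body["refresh"])   # old refresh token becomes invalid
            return 200, self._pair()
        if url.endswith("/v1/auth/me/"):
            token = headers.get("Authorization", "")[len("Bearer "):]
            return (200, {"email": "alice@example.com"}) if token in self.valid_access else (401, {})
        return 404, {}
```

Because the server rotates on every refresh, the client must persist the new refresh token immediately; a client that keeps using the old one will be logged out at the next 401, which is also the signal to watch for if two devices share a stolen refresh token.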

Add Email to Wallet Account

post

Add an email address to a wallet-based user account and send verification

Process:

  1. User provides email address

  2. System validates email format

  3. Updates user account with email

  4. Sends verification OTP/link to email

  5. User completes verification via separate endpoint

Benefits:

  • Enhanced account recovery options

  • Email notifications and updates

  • Additional verification layer

  • Better user experience

Security:

  • Email format validation

  • Rate limiting on requests

  • Verification required before email is active

  • Authentication required

Authentication Required:

  • Valid JWT access token in Authorization header

Use Cases:

  • Wallet user account enhancement

  • Account recovery setup for wallet users

  • Email notification preferences

  • Multi-factor authentication setup

Authorizations
Authorization · string · Required

JWT token for user authentication. Include as: Authorization: Bearer

Body
email · string · email · min: 1 · Required

Email address to add and verify

verification_type · string · enum · Optional

Type of verification to send (OTP or link)

Possible values:
  • otp - otp
  • link - link
Default: otp
Responses
200

Email added and verification sent successfully

application/json
message · string · enum · Required

Success message with verification method

Possible values:
post
/v1/auth/wallet/email/add/
