Learn how to integrate PM7 Auth into your applications.
PM7 Auth provides a simple REST API for authentication. All requests should be made to https://api.auth.pm7.dev.

/auth/login
Authenticate a user with email and password.

// Request
{
  "email": "user@example.com",
  "password": "YourPassword123!"
}

// Response (200 OK)
{
  "success": true,
  "token": "eyJhbGciOiJIUzI1NiJ9...",
  "user": {
    "id": "user-id",
    "email": "user@example.com",
    "verified": true
  }
}

/auth/signup
Register a new user account.

// Request
{
  "email": "user@example.com",
  "password": "YourPassword123!"
}

// Response (201 Created)
{
  "success": true,
  "message": "Account created. Check your email for verification.",
  "requiresVerification": true
}

/auth/verify-token
Verify a JWT token is valid.

// Request Headers
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...

// Response (200 OK)
{
  "valid": true,
  "user": {
    "id": "user-id",
    "email": "user@example.com",
    "projectId": "project-id",
    "verified": true
  }
}

/health
Check the health of the authentication service.

// Response (200 OK)
{
  "status": "healthy",
  "timestamp": "2024-01-01T00:00:00.000Z",
  "service": "pm7-auth",
  "database": "connected"
}

| Setting | Default | Description |
|---|---|---|
| RATE_LIMIT_WINDOW_MINUTES | 15 | Time window for rate limiting |
| RATE_LIMIT_MAX_ATTEMPTS | 20 | Max login attempts per window |
| LOCKOUT_MAX_FAILED_ATTEMPTS | 10 | Failed attempts before lockout |
| LOCKOUT_DURATION_MINUTES | 30 | Duration of account lockout |
| JWT_EXPIRATION | 24h | JWT token expiration time |
| REDIS_ENABLED | true | Enable Redis for rate limiting |
| REDIS_URL | - | Redis connection URL |
Here's a complete example of integrating PM7 Auth into a React application:

import { useState } from 'react';

const API_URL = 'https://api.auth.pm7.dev';

export function useAuth() {
  const [user, setUser] = useState(null);
  const [loading, setLoading] = useState(false);

  // Exchange email and password for a JWT via /auth/login.
  const login = async (email, password) => {
    setLoading(true);
    try {
      const res = await fetch(`${API_URL}/auth/login`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ email, password }),
      });
      const data = await res.json();
      if (data.success) {
        // localStorage is readable by any script running on this origin,
        // so an XSS flaw in the app exposes the token.
        localStorage.setItem('token', data.token);
        setUser(data.user);
        return { success: true };
      }
      return { success: false, error: data.error };
    } finally {
      // Clear the loading flag whether the request succeeded or threw.
      setLoading(false);
    }
  };

  // Drop the stored token and the in-memory user.
  const logout = () => {
    localStorage.removeItem('token');
    setUser(null);
  };

  // Ask the server whether the stored token is still valid.
  const verifyToken = async () => {
    const token = localStorage.getItem('token');
    if (!token) return false;
    const res = await fetch(`${API_URL}/auth/verify-token`, {
      method: 'POST',
      headers: { 'Authorization': `Bearer ${token}` },
    });
    const data = await res.json();
    if (data.valid) {
      setUser(data.user);
      return true;
    }
    // The server rejected the token: clear local state.
    logout();
    return false;
  };

  return { user, loading, login, logout, verifyToken };
}

| HTTP Status | Error Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request data |
| 401 | INVALID_CREDENTIALS | Wrong email or password |
| 401 | TOKEN_EXPIRED | JWT token has expired |
| 403 | ACCOUNT_LOCKED | Account locked due to failed attempts |
| 403 | EMAIL_NOT_VERIFIED | Email verification required |
| 409 | USER_EXISTS | Email already registered |
| 429 | RATE_LIMITED | Too many requests |
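
A backend that receives the token from the browser should not act on it until PM7 Auth has confirmed it. The following is an added example, not PM7 Auth's own code: it forwards the caller's `Authorization` header to `/auth/verify-token` and fails closed on every outcome other than a confirmed token. The names `parseBearer` and `authenticateRequest`, the `reason` strings and the verified-email policy are assumptions; the endpoint, method and response fields are the ones documented on this page.

```javascript
// Added example: server-side gate for PM7 Auth bearer tokens (Node 18+).
// Function names and `reason` strings are hypothetical, not part of the API.
const PM7_API_URL = 'https://api.auth.pm7.dev';

// Accept only "Bearer <three base64url segments>"; anything else is null.
function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headerValue);
  return m ? m[1] : null;
}

// Resolves to { ok: true, user } only when PM7 Auth confirms the token.
// Bad header, network error, non-200, unparsable body, valid !== true and
// unverified email all fail closed.
async function authenticateRequest(headerValue, fetchImpl = fetch) {
  const token = parseBearer(headerValue);
  if (!token) return { ok: false, reason: 'MALFORMED_HEADER' };

  let res;
  try {
    res = await fetchImpl(`${PM7_API_URL}/auth/verify-token`, {
      method: 'POST',
      headers: { Authorization: `Bearer ${token}` },
    });
  } catch {
    return { ok: false, reason: 'AUTH_SERVICE_UNREACHABLE' };
  }
  if (res.status !== 200) return { ok: false, reason: 'REJECTED' };

  let data;
  try {
    data = await res.json();
  } catch {
    return { ok: false, reason: 'BAD_RESPONSE' };
  }
  // Strict comparisons: a truthy value such as the string "true" must not pass.
  if (!data || data.valid !== true || !data.user || typeof data.user.id !== 'string') {
    return { ok: false, reason: 'REJECTED' };
  }
  // Assumed policy: this backend refuses accounts with an unverified email.
  if (data.user.verified !== true) return { ok: false, reason: 'EMAIL_NOT_VERIFIED' };

  // Copy only the documented fields instead of passing the raw body along.
  const { id, email, projectId } = data.user;
  return { ok: true, user: { id, email, projectId } };
}
```
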
Ready to start building? Create your account and get your API credentials.