Authentication
Register accounts, obtain JWT tokens, refresh sessions, and authenticate with GitHub OAuth.
All authentication endpoints are under /api/auth. Most return a JWT token that you include in subsequent requests as a Bearer token.
Get auth providers
GET /api/auth/providers
Return the authentication methods enabled on this DRAGOPS instance. This endpoint is public and does not require authentication.
Response
{
"success": true,
"data": {
"local": true,
"github": true,
"githubClientId": "Iv1.abc123def456"
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
The github field is true when GitHub OAuth is configured. The githubClientId is only present when GitHub OAuth is enabled. The local field indicates whether email and password registration is available.
Register
POST /api/auth/register
Create a new account with email and password. This endpoint is only available when local authentication is enabled.
Request body
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address |
| firstName | string | Yes | First name |
| lastName | string | Yes | Last name |
| password | string | Yes | Password (must include at least one special character) |
{
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"password": "SecurePass1@"
}
Response
201 Created
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"role": "user"
}
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
Errors
| Code | Status | Description |
|---|---|---|
| LOCAL_AUTH_DISABLED | 403 | Local registration is disabled on this instance |
| EMAIL_ALREADY_EXISTS | 409 | An account with this email already exists |
Log in
POST /api/auth/login
Authenticate with email and password. Returns a JWT token for use in the Authorization header.
Request body
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address |
| password | string | Yes | Password |
{
"email": "[email protected]",
"password": "SecurePass1@"
}
Response
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"role": "user"
}
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
Errors
| Code | Status | Description |
|---|---|---|
| LOCAL_AUTH_DISABLED | 403 | Local authentication is disabled on this instance |
| INVALID_CREDENTIALS | 401 | Email or password is incorrect |
GitHub OAuth
POST /api/auth/github
Exchange a GitHub OAuth authorization code for a JWT token. Use this after the user completes the GitHub OAuth flow and you receive a code parameter.
Request body
| Parameter | Type | Required | Description |
|---|---|---|---|
| code | string | Yes | GitHub OAuth authorization code |
{
"code": "abc123def456"
}
Response
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"role": "user",
"avatarUrl": "https://avatars.githubusercontent.com/u/12345"
}
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
Get current user
GET /api/auth/me
Return the profile of the currently authenticated user.
Authentication required.
Response
{
"success": true,
"data": {
"id": "usr_abc123",
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"role": "user",
"avatarUrl": "https://avatars.githubusercontent.com/u/12345",
"createdAt": "2026-01-15T08:30:00.000Z"
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
Refresh token
POST /api/auth/refresh
Re-issue a JWT token with current permissions from the database. Use this when the user's role or workspace membership may have changed since the original token was issued.
Authentication required.
Response
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"role": "user"
}
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
Switch workspace
POST /api/auth/switch-workspace
Switch to a different workspace and receive a new JWT token scoped to that workspace.
Authentication required.
Request body
| Parameter | Type | Required | Description |
|---|---|---|---|
| workspaceId | string (UUID) | Yes | The ID of the workspace to switch to |
{
"workspaceId": "550e8400-e29b-41d4-a716-446655440000"
}
Response
{
"success": true,
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "usr_abc123",
"email": "[email protected]",
"firstName": "Jane",
"lastName": "Smith",
"role": "user"
}
},
"timestamp": "2026-03-05T12:00:00.000Z"
}
Errors
| Code | Status | Description |
|---|---|---|
| WORKSPACE_NOT_FOUND | 404 | The workspace does not exist or you do not have access |
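Client-side handling of the token-bearing responses above (register, login, GitHub, refresh, switch-workspace), added here as an example and not DRAGOPS code: it validates the documented envelope, builds the Bearer header, and decodes the JWT without verifying it so the client can decide when to call /api/auth/refresh. The function names, the `sub`, `role` and `exp` claim names, and the sample values are assumptions constructed for illustration.

```python
import base64, json, time

def _b64url_json(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def parse_auth_response(body):
    """Validate the documented envelope; return (token, user) or raise ValueError."""
    env = json.loads(body)
    data = env.get("data")
    if env.get("success") is not True or not isinstance(data, dict):
        raise ValueError("auth request did not succeed")
    token, user = data.get("token"), data.get("user")
    if not isinstance(token, str) or token.count(".") != 2:
        raise ValueError("missing or malformed token")
    if not isinstance(user, dict) or not user.get("id"):
        raise ValueError("missing user object")
    return token, user

def inspect_token(token, now=None, skew=30):
    """Decode header and claims for client-side scheduling only.
    The signature is NOT verified: never make authorization decisions from this."""
    header_seg, claims_seg, _signature = token.split(".")
    header, claims = _b64url_json(header_seg), _b64url_json(claims_seg)
    now = time.time() if now is None else now
    exp = claims.get("exp")  # assumption: tokens carry the standard exp claim
    return {"alg": header.get("alg"),
            "expired": exp is not None and now >= exp - skew}

def bearer_header(token):
    # The header every "Authentication required" endpoint expects.
    return {"Authorization": f"Bearer {token}"}

def _seg(obj):  # used only to build the constructed sample token below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: placeholder signature, claim names are assumptions.
SAMPLE_TOKEN = ".".join([_seg({"alg": "HS256", "typ": "JWT"}),
                         _seg({"sub": "usr_abc123", "role": "user", "exp": 1772715600}),
                         "c2lnbmF0dXJl"])
SAMPLE_BODY = json.dumps({"success": True, "data": {"token": SAMPLE_TOKEN,
    "user": {"id": "usr_abc123", "role": "user"}}, "timestamp": "2026-03-05T12:00:00.000Z"})

if __name__ == "__main__":
    token, user = parse_auth_response(SAMPLE_BODY)
    print(user["id"], inspect_token(token, now=1772712000), bearer_header(token))
```

After a refresh or workspace switch, replace the stored token with the one returned and discard the old one, since the old token still carries the earlier role or workspace scope.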