Authentication API
Authentication is handled by NextAuth with credentials-based login. The central database stores user accounts and tenant memberships.
Endpoints
POST /api/auth/[...nextauth]
NextAuth catch-all handler for sign-in, sign-out, and session management.
POST /api/auth/signup
Create a new user account.
Request Body:
```json
{
  "name": "John Doe",
  "email": "john@example.com",
  "password": "SecurePass123!"
}
```
POST /api/auth/forgot-password
Request a password reset email.
Request Body:
```json
{
  "email": "john@example.com"
}
```
POST /api/auth/reset-password
Confirm a password reset with a token.
Request Body:
```json
{
  "token": "reset-token-here",
  "password": "NewSecurePass123!"
}
```
GET /api/auth/refresh-session
Refresh the current user session and re-fetch tenant data.
POST /api/auth/switch-tenant
Switch the active tenant for multi-tenant users.
Request Body:
```json
{
  "tenantId": "tenant-uuid-here"
}
```
Password Hashing
Passwords are hashed using scrypt with the following parameters:
- Algorithm: scrypt
- N: 16384, r: 8, p: 1
- Key length: 64 bytes
- Format: `scrypt$<hex-salt>$<hex-hash>`