auth-service) handles user registration and login. Registration returns a plain-text confirmation. Login returns a raw JWT string — not a JSON object — which you pass as a Bearer token in the Authorization header on every subsequent request. No authentication is required to call these two endpoints.
POST /api/auth/register
Register a new user account. The password is stored as a BCrypt hash and is never returned in any response. If the email address is already in use, the request fails with a 400 error.
Request body
The user’s email address. Must be unique across all accounts.
Plain-text password. Stored as a BCrypt hash; minimum length is enforced by the client.
Response
Returns a plain-text confirmation string on success, not a JWT token.
"Usuario registrado exitosamente" — a fixed confirmation message. To obtain a token, log in with POST /api/auth/login.
Status codes
| Code | Meaning |
|---|---|
| 200 | Registration successful. Response body is "Usuario registrado exitosamente". |
| 400 | Email already registered ("Email ya registrado"). |
Example
Example response (200)
POST /api/auth/login
Authenticate an existing user. Returns a fresh JWT token on success. Returns 401 if the email is not found or the password does not match.
Request body
The user’s registered email address.
The user’s plain-text password. Compared against the stored BCrypt hash.
Response
Signed JWT token. Use as Authorization: Bearer <token> on all subsequent requests.
Status codes
| Code | Meaning |
|---|---|
| 200 | Login successful. Response body contains the JWT token. |
| 401 | Invalid credentials—email not found or password mismatch. |
Example
Example response (200)
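Client-side handling of the two responses documented above, as an added example rather than the service's own code: it reads the login body as text instead of JSON, checks that it has compact-JWT shape, and builds the Bearer header. The function names, the HS256 header and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import re

REGISTER_OK = "Usuario registrado exitosamente"  # fixed body documented for 200
COMPACT_JWT = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")

class AuthError(Exception):
    """Raised when a response does not match the documented contract."""

def _decode_segment(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def registration_succeeded(status, body):
    """True on the documented 200 confirmation, False on 400 (email in use)."""
    if status == 400:
        return False
    if status == 200 and body.strip() == REGISTER_OK:
        return True
    raise AuthError(f"unexpected register response: {status}")

def token_from_login(status, body):
    """Return the raw JWT from a login response body, or raise AuthError."""
    if status != 200:
        reason = "invalid credentials" if status == 401 else f"unexpected status {status}"
        raise AuthError(reason)
    token = body.strip()
    # The body is the token itself, so it is read as text, not parsed as JSON.
    if not COMPACT_JWT.fullmatch(token):
        raise AuthError("login body is not a compact JWT")
    try:
        header = _decode_segment(token.split(".")[0])
    except ValueError as exc:
        raise AuthError("JWT header is not base64url JSON") from exc
    # Structural check only: the client holds no key to verify the signature.
    if not isinstance(header, dict) or str(header.get("alg", "none")).lower() == "none":
        raise AuthError("JWT header declares no signing algorithm")
    return token

def bearer_headers(token):
    return {"Authorization": f"Bearer {token}"}  # sent on every later request

def _segment(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (assumed HS256 header, dummy signature).
SAMPLE_TOKEN = ".".join([_segment({"alg": "HS256"}),
                         _segment({"sub": "user@example.com"}), "c2lnbmF0dXJl"])
```

Treating the body as text matters because a client that calls a JSON parser on the login response will fail on a valid token.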