API Reference

Authentication API

Endpoints for user authentication, token management, and session handling.

Login

POST

/v1/auth/login

Authenticate a user and receive an access token

Request Body

Parameter	Type	Required	Description
email	string	Yes	User's email address
password	string	Yes	User's password
mfa_code	string	No	Multi-factor authentication code

JavaScript

const response = await fetch('https://api.mobid.io/v1/auth/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    email: 'user@example.com',
    password: 'securepassword123'
  })
});

const { data } = await response.json();
console.log('Token:', data.accessToken);

Response

{
  "code": 200,
  "message": "Authentication successful",
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIs...",
    "refreshToken": "rt_abc123...",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "user": {
      "id": "usr_123",
      "email": "user@example.com",
      "verified": true
    }
  }
}

Refresh Token

POST

/v1/auth/refresh

Refresh an expired access token

Request Body

Parameter	Type	Required	Description
refreshToken	string	Yes	The refresh token from the login response

Refresh request

curl -X POST 'https://api.mobid.io/v1/auth/refresh' \
  -H 'Content-Type: application/json' \
  -d '{"refreshToken": "rt_abc123..."}'

ℹ

Token Lifecycle

Access tokens expire after 1 hour. Refresh tokens expire after 30 days. Store refresh tokens securely and rotate them on each use.