Authentication
DevDocs uses JWT-based authentication. Tokens are short-lived (1 hour) and refreshed automatically via a rotating refresh token stored in an HttpOnly cookie.
Login
POST /auth/login
Content-Type: application/json
{ "email": "user@example.com", "password": "secret" }
Response:
{ "access_token": "eyJ...", "expires_in": 3600 }
Token Refresh
POST /auth/refresh
The refresh token is read from the cookie automatically. A new access token is returned.
Logout
POST /auth/logout
Clears the refresh token cookie server-side.
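
The login, refresh and logout calls above, combined in a browser-side client that keeps the access token in memory and shares one refresh request among concurrent callers. This is an added example, not DevDocs' own code. Assumptions: the AuthClient class and its method names, a same-origin API, a refresh response shaped like the login response, and the 30-second refresh margin.

```javascript
// Added example (not DevDocs code). AuthClient and its methods are hypothetical names.
class AuthClient {
  constructor(fetchImpl = globalThis.fetch, now = () => Date.now()) {
    this.fetch = fetchImpl;   // injectable so the client can be exercised offline
    this.now = now;
    this.accessToken = null;  // held in memory only, never written to localStorage
    this.expiresAt = 0;
    this.refreshing = null;   // in-flight refresh promise (single-flight)
  }

  async #post(path, body) {
    const res = await this.fetch(path, {
      method: 'POST',
      credentials: 'include', // browser attaches and stores the HttpOnly refresh cookie
      headers: body ? { 'Content-Type': 'application/json' } : {},
      body: body ? JSON.stringify(body) : undefined,
    });
    if (!res.ok) throw new Error(`${path} failed: ${res.status}`);
    return res;
  }

  #store({ access_token, expires_in }) {
    this.accessToken = access_token;
    this.expiresAt = this.now() + expires_in * 1000; // expires_in is in seconds
  }

  async login(email, password) {
    this.#store(await (await this.#post('/auth/login', { email, password })).json());
  }

  // Returns a usable access token, refreshing 30 s before expiry (margin is an assumption).
  async getToken() {
    if (this.accessToken && this.now() < this.expiresAt - 30_000) return this.accessToken;
    // Concurrent callers await the same request, so the rotating refresh
    // token in the cookie is presented once per refresh.
    this.refreshing ??= this.#post('/auth/refresh')
      .then((res) => res.json())   // assumed to match the login response shape
      .then((tokens) => this.#store(tokens))
      .finally(() => { this.refreshing = null; });
    await this.refreshing;
    return this.accessToken;
  }

  async logout() {
    try { await this.#post('/auth/logout'); }
    finally { this.accessToken = null; this.expiresAt = 0; } // drop the token even on error
  }
}
```

Callers send the value from getToken() with each API request and never read or write the refresh cookie themselves, since it is HttpOnly.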