Authentication API

The Authentication API provides endpoints for user authentication, token management, and password operations.

Base Endpoint


/api/auth

The system will automatically set authentication cookies with the generated tokens upon login or refresh. You usually don’t need to handle the tokens manually unless your use-case is purely token-based.

BSH Engine Collection

Endpoints

Method	Endpoint	Description
POST	`/api/auth/register`	Register new user
POST	`/api/auth/activate-account`	Activate user account using verification code
POST	`/api/auth/login`	Authenticate user with email and password
POST	`/api/auth/refresh`	Refresh expired access token
POST	`/api/auth/forget-password`	Request password reset code via email
POST	`/api/auth/reset-password`	Reset password using verification code
POST	`/api/auth/resend-activation-email`	Resend activation email to the user

Token Usage

The Engine API supports two methods of authentication. You can use either one depending on your use case.

bearer

Include the access token in the Authorization header:


Authorization: Bearer {{accessToken}}

cookies

Authentication can be handled automatically via cookies. This is useful when making requests from a browser where the session cookie is already present.

ApiKeys

Include your API key in the X-BSH-APIKEY header for all API requests:


X-BSH-APIKEY: {{ApiKey}}