Skip to main content

Authentication

CheerKeeper API uses JWT tokens for authentication.

Getting Tokens

Login

POST /api/auth/login
Content-Type: application/json

{
  "email": "you@example.com",
  "password": "your-password"
}

Response:

{
  "user": { "id": "...", "email": "...", "name": "..." },
  "accessToken": "eyJhbG...",
  "refreshToken": "eyJhbG..."
}

Google OAuth

Users can also authenticate via Google OAuth at /api/auth/callback/google.

Using Tokens

Include the access token in requests:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Token Refresh

Access tokens expire after 1 hour. Use the refresh token:

POST /api/auth/refresh
Content-Type: application/json

{
  "refreshToken": "eyJhbG..."
}

Current User

Get the authenticated user:

GET /api/auth/me
Authorization: Bearer eyJhbG...