pinakes/docs/api/auth.md

# Auth

Authentication and session management

## Endpoints

### POST /api/v1/auth/login

**Authentication:** Not required

#### Request Body

`Content-Type: application/json`

See `docs/api/openapi.json` for the full schema.

#### Responses

| Status | Description |
|--------|-------------|
| 200 | Login successful |
| 400 | Bad request |
| 401 | Invalid credentials |
| 500 | Internal server error |

---

### POST /api/v1/auth/logout

**Authentication:** Required (Bearer JWT)

#### Responses

| Status | Description |
|--------|-------------|
| 200 | Logged out |
| 401 | Unauthorized |
| 500 | Internal server error |

---

### GET /api/v1/auth/me

**Authentication:** Required (Bearer JWT)

#### Responses

| Status | Description |
|--------|-------------|
| 200 | Current user info |
| 401 | Unauthorized |
| 500 | Internal server error |

---

### POST /api/v1/auth/refresh

Refresh the current session, extending its expiry by the configured
duration.

**Authentication:** Required (Bearer JWT)

#### Responses

| Status | Description |
|--------|-------------|
| 200 | Session refreshed |
| 401 | Unauthorized |
| 500 | Internal server error |

---

### POST /api/v1/auth/revoke-all

Revoke all sessions for the current user

**Authentication:** Required (Bearer JWT)

#### Responses

| Status | Description |
|--------|-------------|
| 200 | All sessions revoked |
| 401 | Unauthorized |
| 500 | Internal server error |

---

### GET /api/v1/auth/sessions

**Authentication:** Required (Bearer JWT)

#### Responses

| Status | Description |
|--------|-------------|
| 200 | Active sessions |
| 401 | Unauthorized |
| 403 | Forbidden |
| 500 | Internal server error |

---