
Enterprise User Authentication

POST /company/auth/login

Endpoint for authenticating administrative users of registered companies.
Performs the following operations:

  1. Validates email and password format
  2. Searches for the user in the database (both in company_user and trucker_user as a fallback)
  3. Verifies the password against the stored hash
  4. Checks the account status (active/blocked)
  5. Records the last IP and access date
  6. Generates a JWT token with user claims
  7. Logs the access in the history
  8. Verifies/creates a Stripe account if it does not exist

Detailed flow:

  1. Client sends email and password in JSON format
  2. Server validates required fields (400 if missing)
  3. Searches for the user by email (401 if not found)
  4. Verifies the password with bcrypt (401 if it does not match)
  5. Checks the account status (401 if inactive/blocked)
  6. Updates the last access data (IP, date)
  7. Generates a JWT token with user and company data
  8. Returns the token with expiration time
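
The flow above as an added Python example (not the service's own code), showing steps 2 to 8 with one 401 body and one hash computation for every failure case, so the response does not reveal which emails exist. Assumptions: stdlib PBKDF2 stands in for bcrypt, `expiresIn` is an epoch timestamp in milliseconds, and all names (`login`, `USERS`, `DUMMY`, `SECRET`, `TTL_MS`, the claim names and error strings) are hypothetical; the access history and Stripe steps are left out.

```python
import base64, hashlib, hmac, json, os, re, time

SECRET = os.urandom(32)   # assumption: HS256 key, matching the sample token's header
TTL_MS = 60 * 60 * 1000   # assumption: the configurable lifetime, set to 1 hour here
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def hash_pw(password, salt):
    # Stdlib PBKDF2 stands in for the page's bcrypt so the example runs offline.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, active=True):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_pw(password, salt), "active": active, "companyId": 7}

# Constructed sample records, not real accounts.
USERS = {"admin@company.com": make_user("SecurePassword123!"),
         "blocked@company.com": make_user("OtherPassword456!", active=False)}
DUMMY = make_user("placeholder")  # verified against when the email is unknown

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue_token(claims):
    enc = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def login(body, ip, now_ms=None):
    now_ms = now_ms or int(time.time() * 1000)
    email = body.get("email") if isinstance(body, dict) else None
    password = body.get("password") if isinstance(body, dict) else None
    if not (isinstance(email, str) and isinstance(password, str)
            and EMAIL_RE.match(email) and password):
        return 400, {"error": "Missing data or invalid format"}
    user = USERS.get(email.lower())
    record = user or DUMMY  # always run the hash so a miss costs the same as a hit
    ok = hmac.compare_digest(hash_pw(password, record["salt"]), record["hash"])
    if not (user and ok and user["active"]):
        # One body for unknown user, wrong password and inactive account.
        return 401, {"error": "Invalid credentials"}
    user["lastIp"], user["lastAccess"] = ip, now_ms  # step 6: last access data
    exp_ms = now_ms + TTL_MS
    claims = {"sub": email.lower(), "companyId": user["companyId"], "exp": exp_ms // 1000}
    return 200, {"token": issue_token(claims), "expiresIn": exp_ms}
```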

Security:

  • Requires HTTPS
  • Passwords are transmitted hashed
  • Tokens have a configurable expiration

Example request:

{
  "email": "admin@company.com",
  "password": "SecurePassword123!"
}

Example successful response:

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 1712345678901
}

Error codes:

  • 400: Missing data or invalid format
  • 401: Incorrect credentials, user does not exist, or inactive account
  • 500: Internal server error

Request

Responses

Authentication successful