Login

POST 
/api/v1/auth/login

User login endpoint. Returns JWT access and refresh tokens, and sets HttpOnly cookies.

Rate limited: 60/min per IP, 5/min per email (Issue #67 security hardening).

Request

Responses

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

422

Validation Error

429

Too Many Requests