Member Auth API Documentation

Complete API reference for Member Authentication endpoints

POST /auth/member/login
Requires: LocalAuthGuardMemberV2

Authenticate a member user with username and password. Returns an access token and a refresh token on successful authentication.

Request

Headers:

Header            Type    Required  Description
Content-Type      string  Yes       application/json
user-login-token  string  Yes       Login token obtained from /auth/member/getLoginToken endpoint

Body:

Field       Type    Required  Description
username    string  Yes       Member username (can be mobile number, username, or alternate username depending on partner configuration)
password    string  Yes       Member password
partnerKey  string  Yes       Partner key/prefix identifier

Example Request:
{
  "username": "member123",
  "password": "password123",
  "partnerKey": "ABC"
}

Response

200 OK: Success

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "type": "Bearer",
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IlhEVEhEQVQwMDAwMDA2QjAiLCJpZCI6MTcxMiwicGFydG5lcklkIjoxMjMsImlhdCI6MTc2MjA3MzY3MTE5NiwidHlwZSI6IkFVVEgiLCJleHAiOjE3NjIxNjAwNzExOTZ9.6N559WOT27XbTiobi5qD4Y1VYXP-Vnwq8MO_sPfCH2k",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IlhEVEhEQVQwMDAwMDA2QjAiLCJpZCI6MTcxMiwicGFydG5lcklkIjoxMjMsImlhdCI6MTc2MjA3MzY3MTE5NiwidHlwZSI6IkFVVEgiLCJleHAiOjE3NjI2Nzg0NzExOTZ9.4k1CMjmASC_srwTkAV1tG59tM6THiNTdSwdz1vZD_DE"
  }
}

404 Not Found: Member not found

{
  "isSuccess": false,
  "statusCode": 404,
  "message": {
    "errorCode": "MEMBER_NOT_FOUND",
    "errorMessage": "Member not found"
  }
}

401 Unauthorized: Invalid credentials

{
  "isSuccess": false,
  "statusCode": 401,
  "message": {
    "errorCode": "INVALID_CREDENTIALS",
    "errorMessage": "Invalid credentials"
  }
}

429 Too Many Requests: Duplicate request detected

{
  "isSuccess": false,
  "statusCode": 429,
  "message": {
    "errorCode": "DUPLICATE_REQUEST",
    "errorMessage": "Duplicate request detected"
  }
}

POST /auth/member/getLoginToken

Get a login token for a specific partner prefix. This token can be used for partner-specific authentication flows; /auth/member/login requires it in the user-login-token header.

Request

Headers:

Header        Type    Required  Description
Content-Type  string  Yes       application/json

Body:

Field          Type    Required  Description
partnerPrefix  string  Yes       Partner prefix identifier

Example Request:
{
  "partnerPrefix": "ABC"
}

Response

200 OK: Success

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "token": "K1efa",
    "expiresAt": 1762073725580
  }
}

POST /auth/member/refresh
Requires: JwtRefreshGuardMemberV2

Refresh the access token using a valid refresh token. Returns a new access token. The refresh token should be sent in the Authorization header as a Bearer credential.

Request

Headers:

Header         Type    Required  Description
Content-Type   string  Yes       application/json
Authorization  string  Yes       Bearer {refreshToken}

Body: Empty

Response

200 OK: Success

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "type": "bearer",
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6IlhEVEhEQVQwMDAwMDA2OTgiLCJpZCI6MTY5OSwicGFydG5lcklkIjoxMjMsImlhdCI6MTc2MjA3MjA5Nzk4NCwidHlwZSI6IkFVVEgiLCJleHAiOjE3NjIxNTg0OTc5ODR9.eKUuE51r29eFSJ9CrKe5enu0wb0ci_Iby1-bInEgd-0"
  }
}

401 Unauthorized: Invalid or expired refresh token

{
  "isSuccess": false,
  "statusCode": 401,
  "message": {
    "errorCode": "TOKEN_EXPIRED",
    "errorMessage": "Token expired"
  }
}

429 Too Many Requests: Duplicate request detected

{
  "isSuccess": false,
  "statusCode": 429,
  "message": {
    "errorCode": "DUPLICATE_REQUEST",
    "errorMessage": "Duplicate request detected"
  }
}

POST /auth/member/logout
Requires: JwtRefreshGuardMemberV2

Log out the authenticated member user. Invalidates the refresh token and clears the access token from cache. The refresh token should be sent in the Authorization header as a Bearer credential.

Request

Headers:

Header         Type    Required  Description
Content-Type   string  Yes       application/json
Authorization  string  Yes       Bearer {refreshToken}

Body: Empty

Response

200 OK: Success

{
  "isSuccess": true,
  "statusCode": 200,
  "data": {
    "status": true,
    "message": "Logout Success"
  }
}

401 Unauthorized: Invalid token or user not found

{
  "isSuccess": false,
  "statusCode": 401,
  "message": {
    "errorCode": "USER_NOT_FOUND",
    "errorMessage": "ERR_200"
  }
}

Member Auth API Documentation © 2024