Authentication API

Endpoints for user authentication, session management, and context switching.

Validate Company

Check if a company slug exists before showing the login form.

GET/v1/auth/validate-company

Query Parameters:

Parameter	Type	Required	Description
slug	string	Yes	Company slug to validate

Example Request:

curl "https://api.console.solucao42.com.br/v1/auth/validate-company?slug=acme-corp"

Response:

{
  "exists": true
}

---

Login

Authenticate with email and password.

POST/v1/auth/login

Request Body:

Field	Type	Required	Description
company_slug	string	Yes	Company identifier
email	string	Yes	User email
password	string	Yes	User password

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "company_slug": "acme-corp",
    "email": "[email protected]",
    "password": "SecurePassword123!"
  }'

Response: 200 OK

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 604800,
  "user": {
    "_id": "507f1f77bcf86cd799439011",
    "email": "[email protected]",
    "name": "John Doe",
    "company_id": "507f1f77bcf86cd799439012"
  }
}

Errors:

Status	Error Code	Description
400	INVALID_CREDENTIALS	Wrong email or password
403	FORBIDDEN	User not authorized for this company
404	COMPANY_NOT_FOUND	Company slug doesn't exist
422	VALIDATION_ERROR	Invalid request body

---

Login with Google

Authenticate using a Google OAuth token.

POST/v1/auth/google

Request Body:

Field	Type	Required	Description
company_slug	string	Yes	Company identifier
google_token	string	Yes	Google OAuth token

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/auth/google \
  -H "Content-Type: application/json" \
  -d '{
    "company_slug": "acme-corp",
    "google_token": "ya29.a0AfH6SMBx..."
  }'

Response: Same as email/password login.

---

Get Current User

Returns the authenticated user's profile and current context.

GET/v1/auth/me

Headers:

Header	Required	Description
Authorization	Yes	Bearer <token>

Example Request:

curl https://api.console.solucao42.com.br/v1/auth/me \
  -H "Authorization: Bearer YOUR_TOKEN"

Response: 200 OK

{
  "user": {
    "_id": "507f1f77bcf86cd799439011",
    "email": "[email protected]",
    "name": "John Doe",
    "company_id": "507f1f77bcf86cd799439012"
  },
  "context": {
    "company_id": "507f1f77bcf86cd799439012"
  }
}

Errors:

Status	Error Code	Description
401	UNAUTHORIZED	Token invalid or expired

---

Passwordless Login

Authenticate using a temporary code sent via email.

Request Login Code

POST/v1/auth/passwordless/request

Request Body:

Field	Type	Required	Description
company_slug	string	Yes	Company identifier
email	string	Yes	User email

Response: 200 OK with { "message": "..." }

Verify Login Code

POST/v1/auth/passwordless/verify

Request Body:

Field	Type	Required	Description
company_slug	string	Yes	Company identifier
email	string	Yes	User email
code	string	Yes	6-digit code from email

Response: Same as standard login.

---

Multi-Factor Authentication (2FA)

Verify 2FA Login

Verify a TOTP token during the login flow.

POST/v1/auth/2fa/login

Request Body:

Field	Type	Required	Description
pending_2fa_token	string	Yes	Token from initial login response
totp_token	string	No	6-digit code
backup_code	string	No	One-time recovery code

---

Single Sign-On (SSO)

Start SSO Flow

Initiate the redirect to the Identity Provider.

GET/v1/auth/sso/:company_slug/start

Query Parameters:

Parameter	Type	Required	Description
redirect_uri	string	Yes	Where to return after IdP auth

Response: 200 OK with { "url": "https://idp.com/auth/..." }

SSO Callback

Endpoint used by the IdP to return the user to the platform.

GET/POST/v1/auth/sso/:company_slug/callback

Parameters: Standard SAML or OIDC parameters (code, state, SAMLResponse).

---

Logout

End the current session.

POST/v1/auth/logout

Headers:

Header	Required	Description
Authorization	No	Bearer <token> (optional)

Example Request:

curl -X POST https://api.console.solucao42.com.br/v1/auth/logout \
  -H "Authorization: Bearer YOUR_TOKEN"

Response: 200 OK

{
  "success": true
}

observação

The frontend should remove the token from storage after calling this endpoint.

---

JWT Token Structure

When decoded, the JWT payload contains:

{
  "sub": "507f1f77bcf86cd799439011",
  "user_id": "507f1f77bcf86cd799439011",
  "company_id": "507f1f77bcf86cd799439012",
  "email": "[email protected]",
  "is_owner": false,
  "iss": "solucao42-console-api",
  "aud": "https://console.solucao42.com.br",
  "jti": "unique-token-id",
  "iat": 1709216800,
  "exp": 1709821600
}

Claim	Description
sub	Subject (user ID)
user_id	User identifier
company_id	Company (tenant) identifier
email	User's email
is_owner	Whether user is company owner
iss	Token issuer
aud	Token audience
jti	Unique token ID
iat	Issued at (Unix timestamp)
exp	Expires at (Unix timestamp)

---

Code Examples

JavaScript

async function login(companySlug, email, password) {
  const response = await fetch('https://api.console.solucao42.com.br/v1/auth/login', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ company_slug: companySlug, email, password }),
  });

  if (!response.ok) {
    const error = await response.json();
    throw new Error(error.error || 'Login failed');
  }

  const data = await response.json();
  sessionStorage.setItem('s42_auth_token', data.token);
  return data.user;
}

async function getMe(token) {
  const response = await fetch('https://api.console.solucao42.com.br/v1/auth/me', {
    headers: { 'Authorization': `Bearer ${token}` },
  });
  return response.json();
}

cURL

# Login
TOKEN=$(curl -s -X POST https://api.console.solucao42.com.br/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"company_slug":"acme","email":"[email protected]","password":"password"}' \
  | jq -r '.token')

# Get current user
curl -s https://api.console.solucao42.com.br/v1/auth/me \
  -H "Authorization: Bearer $TOKEN" | jq

# Logout
curl -s -X POST https://api.console.solucao42.com.br/v1/auth/logout \
  -H "Authorization: Bearer $TOKEN"