There are two main ways to let users authenticate with your api

  1. Local JWT Auth

  2. Auth0


Local JWT Auth

The local JWT Auth is a passwordless auth system that sends and email with a code that users can then use to log in. Make sure you have a Sendgrid API Key in your configs before trying to get a code.

  1. Make a post request to /code

curl http://localhost:3030/code?email=[email protected]

2. Get the code from your email and then do

curl --location --request POST 'http://localhost:3030/auth' \
--header 'Authorization: 150812556228bdf005292ead677bd737ae5f82a057062340f9de947f4be6ec66607e4ded613a3f69b6c5730450c07c4c' \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "[email protected]", "code": 755326

You'll get a response like

"success": true,
"user": {
"id": 1,
"email": "[email protected]",
"role": "admin",
"photo": null,
"name": null,
"code": 0,
"expires": "2020-07-22T01:45:38.000Z",
"createdAt": "2020-07-22T01:37:05.000Z",
"updatedAt": {
"fn": "now",
"args": []
"authorId": null
"token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"expiresAt": 1631382161439

You can now make authenticated API calls with the token