🌙 ManaHalal Auth API Documentation

Complete reference for the ManaHalal authentication service

Overview

The ManaHalal Auth Service provides secure authentication for the ManaHalal ecosystem. It supports traditional email/password authentication as well as OAuth providers like Google.

Base URL

https://api.manahalal.co

Authentication

All authenticated requests must include session cookies. The service uses HTTP-only cookies for session management.

Authentication Endpoints

POST /api/auth/sign-up

Create a new user account.

Request Body

Field     Type    Required  Description
email     string  Yes       User's email address
password  string  Yes       Password (min 8 characters)
name      string  No        User's full name

{
  "email": "user@example.com",
  "password": "securePassword123",
  "name": "John Doe"
}

Response

{
  "user": {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "email": "user@example.com",
    "name": "John Doe",
    "createdAt": "2024-01-15T10:00:00Z"
  }
}

POST /api/auth/sign-in

Sign in with email and password.

Request Body

Field     Type    Required  Description
email     string  Yes       User's email address
password  string  Yes       User's password

{
  "email": "user@example.com",
  "password": "securePassword123"
}

POST /api/auth/sign-out

Sign out the current user.

No request body is required. The response clears the session cookie.

POST /api/auth/forgot-password

Request a password reset link.

Request Body

Field  Type    Required  Description
email  string  Yes       Email address of the account

{
  "email": "user@example.com"
}

POST /api/auth/reset-password

Reset password using a valid reset token.

Request Body

Field     Type    Required  Description
token     string  Yes       Reset token from email
password  string  Yes       New password (min 8 characters)

{
  "token": "reset_token_from_email",
  "password": "newSecurePassword123"
}

User Management

GET /api/auth/get-session

Get the current user's session information.

Response

{
  "session": {
    "id": "session_123",
    "userId": "user_123",
    "expiresAt": "2024-01-22T10:00:00Z"
  },
  "user": {
    "id": "user_123",
    "email": "user@example.com",
    "name": "John Doe",
    "createdAt": "2024-01-15T10:00:00Z"
  }
}

OAuth Integration

GET /api/auth/sign-in/google

Initiate Google OAuth sign-in flow.

Redirects the user to Google's OAuth consent screen.

GET /api/auth/callback/google

OAuth callback endpoint. Google redirects the user back here after the consent screen; clients do not call it directly.

Session Management

Sessions are managed using HTTP-only cookies. The cookies are:
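The following is an added example, not part of the ManaHalal documentation, showing how a client or integration test can verify that a Set-Cookie header issued by the service carries the attributes an HTTP-only session cookie should have. The cookie name `session_token` and the sample header values are placeholders constructed for this example; the documentation does not list the real cookie names.

```javascript
// Added example, not from the ManaHalal documentation: audit a Set-Cookie header
// for session-cookie hardening attributes. Cookie name and sample headers are
// constructed placeholders.

const SESSION_COOKIE_NAME = "session_token"; // placeholder; real name not documented

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes (HttpOnly, Secure) become true.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const [nameValue, ...attrParts] = parts;
  const eq = nameValue.indexOf("=");
  if (eq < 0) throw new Error("malformed Set-Cookie: missing '='");
  const name = nameValue.slice(0, eq).trim();
  const value = nameValue.slice(eq + 1).trim();
  const attrs = {};
  for (const part of attrParts) {
    const i = part.indexOf("=");
    if (i < 0) attrs[part.toLowerCase()] = true;
    else attrs[part.slice(0, i).trim().toLowerCase()] = part.slice(i + 1).trim();
  }
  return { name, value, attrs };
}

// Return a list of problems with a session cookie (empty array means it passes).
// Checks: expected name, HttpOnly (no script access), Secure (TLS only),
// SameSite=Lax or Strict (limits cross-site sends), and an explicit lifetime
// (Max-Age or Expires) so a leaked cookie does not live forever.
function auditSessionCookie(header, expectedName = SESSION_COOKIE_NAME) {
  const { name, attrs } = parseSetCookie(header);
  const problems = [];
  if (name !== expectedName) problems.push(`unexpected cookie name ${name}`);
  if (attrs.httponly !== true) problems.push("missing HttpOnly");
  if (attrs.secure !== true) problems.push("missing Secure");
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  if (sameSite !== "lax" && sameSite !== "strict") problems.push("SameSite not set to Lax or Strict");
  if (attrs["max-age"] === undefined && attrs.expires === undefined) problems.push("no explicit expiry");
  return problems;
}

// Constructed sample headers: one hardened, one missing every attribute.
const GOOD_HEADER = "session_token=abc123; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=604800";
const WEAK_HEADER = "session_token=abc123; Path=/";

console.log("good:", auditSessionCookie(GOOD_HEADER)); // []
console.log("weak:", auditSessionCookie(WEAK_HEADER)); // four problems listed
```

In a browser, `document.cookie` cannot see an HttpOnly cookie, so this audit belongs in a server-side integration test or a proxy-level check that reads the raw response headers, not in front-end code.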

Error Handling

The API returns standard HTTP status codes and JSON error responses:

{
  "error": "Invalid credentials",
  "code": "AUTH_INVALID_CREDENTIALS"
}

Common Error Codes

Status  Code                      Description
400     VALIDATION_ERROR          Invalid request data
401     AUTH_INVALID_CREDENTIALS  Invalid email or password
401     AUTH_UNAUTHORIZED         Not authenticated
409     AUTH_USER_EXISTS          Email already registered
500     INTERNAL_ERROR            Server error
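The following is an added example, not part of the ManaHalal documentation or its client libraries. It puts the Authentication Endpoints, the cookie-based Session Management and the Error Handling sections together in one small fetch-based client: request building and response interpretation are kept in synchronous functions so they can be checked without a network, and the session cookie is never touched by script, only forwarded by the browser through `credentials: "include"`. The `fetchImpl` parameter, the `AuthApiError` class and the local validation rules are assumptions of this example; the server's own `VALIDATION_ERROR` response remains authoritative.

```javascript
// Added example, not from the ManaHalal documentation: a minimal client for the
// documented endpoints. Function and class names here are this example's own.

const BASE_URL = "https://api.manahalal.co";
const MIN_PASSWORD_LENGTH = 8; // documented minimum for sign-up and reset-password

// Error carrying the documented `code` so callers branch on it, not on message text.
class AuthApiError extends Error {
  constructor(status, code, message) {
    super(message);
    this.name = "AuthApiError";
    this.status = status;
    this.code = code;
  }
}

// Local pre-check mirroring the documented sign-up fields. It only saves a
// round trip; the server's 400 VALIDATION_ERROR is the real gate.
function validateSignUp({ email, password, name }) {
  const problems = [];
  if (typeof email !== "string" || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) problems.push("email");
  if (typeof password !== "string" || password.length < MIN_PASSWORD_LENGTH) problems.push("password");
  if (name !== undefined && typeof name !== "string") problems.push("name");
  return problems;
}

// Build URL and fetch options. `credentials: "include"` is what makes the browser
// attach the HttpOnly session cookie on a cross-origin call; without it,
// get-session answers 401 AUTH_UNAUTHORIZED even right after a successful sign-in.
function buildRequest(method, path, body) {
  const init = { method, credentials: "include", headers: { Accept: "application/json" } };
  if (body !== undefined) {
    init.headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  return { url: BASE_URL + path, init };
}

// Map (status, parsed JSON) to the success payload or an AuthApiError with the
// documented code (VALIDATION_ERROR, AUTH_INVALID_CREDENTIALS, AUTH_USER_EXISTS, ...).
function interpretResponse(status, body) {
  if (status >= 200 && status < 300) return body;
  const code = body && typeof body.code === "string" ? body.code : "UNKNOWN_ERROR";
  const message = body && typeof body.error === "string" ? body.error : `HTTP ${status}`;
  throw new AuthApiError(status, code, message);
}

// True when a get-session payload describes a session that has not expired.
// A null/empty payload (not signed in) is simply "not active".
function sessionIsActive(payload, now = Date.now()) {
  if (!payload || !payload.session || typeof payload.session.expiresAt !== "string") return false;
  const expires = Date.parse(payload.session.expiresAt);
  return Number.isFinite(expires) && expires > now;
}

// Perform one call. `fetchImpl` is injectable so tests can supply a fake fetch.
async function callAuthApi(method, path, body, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRequest(method, path, body);
  const res = await fetchImpl(url, init);
  const text = await res.text();
  return interpretResponse(res.status, text ? JSON.parse(text) : null);
}

// Wrappers for the documented endpoints.
const authApi = {
  async signUp(fields, fetchImpl) {
    const problems = validateSignUp(fields);
    if (problems.length) throw new AuthApiError(400, "VALIDATION_ERROR", `invalid field(s): ${problems.join(", ")}`);
    return callAuthApi("POST", "/api/auth/sign-up", fields, fetchImpl);
  },
  signIn: (email, password, f) => callAuthApi("POST", "/api/auth/sign-in", { email, password }, f),
  signOut: (f) => callAuthApi("POST", "/api/auth/sign-out", undefined, f),
  forgotPassword: (email, f) => callAuthApi("POST", "/api/auth/forgot-password", { email }, f),
  resetPassword: (token, password, f) => callAuthApi("POST", "/api/auth/reset-password", { token, password }, f),
  getSession: (f) => callAuthApi("GET", "/api/auth/get-session", undefined, f),
};
```

Typical use: `await authApi.signIn(email, password)` then `sessionIsActive(await authApi.getSession())`; a rejected promise carrying `AuthApiError` with code `AUTH_INVALID_CREDENTIALS` or `AUTH_USER_EXISTS` is the expected way to learn about the documented failure cases, and `UNKNOWN_ERROR` flags a response whose body did not follow the documented `{ error, code }` shape.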