POST /api/auth/login

Authenticates the admin user and establishes a session for accessing protected endpoints.

Request

password (string, required): Admin password configured in environment variables

curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"password": "your-admin-password"}'

Response

{
  "success": true,
  "message": "Login successful",
  "data": {
    "authenticated": true,
    "sessionId": "session-id-here"
  }
}

{
  "success": false,
  "error": "Invalid password",
  "code": "AUTHENTICATION_FAILED"
}

Status Codes

200 Success: Login successful, session established
400 Bad Request: Missing or invalid password in request body
401 Unauthorized: Invalid password provided

Session Management

After successful login:
  • Session cookie is set automatically
  • Cookie is required for all protected endpoints
  • Session persists until server restart or explicit logout

Usage Example

// Login and store session
const loginResponse = await fetch('/api/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    password: 'your-admin-password'
  })
});

if (loginResponse.ok) {
  // Session cookie is automatically stored
  // Now you can access protected endpoints
  const adminData = await fetch('/api/admin');
}

Security Notes

  • Password is configured via ADMIN_PASSWORD environment variable
  • Session cookies are HTTP-only for security
  • No password is returned in response
  • Failed login attempts are logged