POST /api/auth/login
Authenticates the admin user and establishes a session for accessing protected endpoints.
Request
password: Admin password, as configured in environment variables
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"password": "your-admin-password"}'
Response
{
  "success": true,
  "message": "Login successful",
  "data": {
    "authenticated": true,
    "sessionId": "session-id-here"
  }
}

{
  "success": false,
  "error": "Invalid password",
  "code": "AUTHENTICATION_FAILED"
}
Status Codes
Login successful, session established
Missing or invalid password in request body
Invalid password provided
Session Management
After successful login:
- Session cookie is set automatically
- Cookie is required for all protected endpoints
- Session persists until server restart or explicit logout
Usage Example
// Login and store session
const loginResponse = await fetch('/api/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    password: 'your-admin-password'
  })
});

if (loginResponse.ok) {
  // Session cookie is automatically stored
  // Now you can access protected endpoints
  const adminData = await fetch('/api/admin');
}
Security Notes
- Password is configured via the ADMIN_PASSWORD environment variable
- Session cookies are HTTP-only for security
- No password is returned in response
- Failed login attempts are logged