Authentication
MenuGaze uses JWT-based authentication. Every authenticated endpoint requires
a valid Bearer token in the Authorization header. Tokens are issued by the
signup and login endpoints below; both return the same response shape.
POST /api/auth/signup
Create a new account.
Auth: Public (no token required)
Rate limit: 10 requests per 15 minutes per IP
Request Body
{
  "name": "Jane Smith",
  "email": "jane@example.com",
  "password": "securepassword123",
  "restaurantName": "Jane's Bistro"
}
Response (201 Created)
{
  "success": true,
  "data": {
    "user": {
      "id": "uuid",
      "name": "Jane Smith",
      "email": "jane@example.com"
    },
    "token": "eyJhbGciOiJIUzI1NiIs..."
  }
}
POST /api/auth/login
Log in with an existing account.
Auth: Public (no token required)
Rate limit: 10 requests per 15 minutes per IP
Request Body
{
  "email": "jane@example.com",
  "password": "securepassword123"
}
Response (200 OK)
{
  "success": true,
  "data": {
    "user": {
      "id": "uuid",
      "name": "Jane Smith",
      "email": "jane@example.com"
    },
    "token": "eyJhbGciOiJIUzI1NiIs..."
  }
}
Using the Token
Send the token in the Authorization header of every authenticated request,
using the Bearer scheme:
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
The token is a bearer credential: anyone who holds it can act as the user until
it stops being accepted. Send it only over HTTPS, keep it out of URLs and query
strings, and treat its contents as opaque (do not rely on client-side decoding
of the JWT for authorization decisions).
Error Responses
- 400: Missing or invalid fields in the request body.
- 401: Invalid email or password.
- 429: Rate limit exceeded. Read the Retry-After header for the number of
seconds to wait before retrying; do not retry before it elapses.
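The following is an added example, not code from the MenuGaze documentation or project. It is a small Python client that walks the flow described above: log in, keep the returned token in memory, send it as a Bearer header, and turn the documented 400/401/429 responses into exceptions, with the 429 handler reading Retry-After rather than retrying blindly. Because the real API is not reachable offline, the client runs against a constructed in-process stand-in; that stand-in, the placeholder token value, the 900-second Retry-After it returns and the protected endpoint /api/me are assumptions made for the example and are not part of the documented API.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class AuthError(Exception):
    """400 or 401 from an endpoint; the message starts with the status code."""

class RateLimited(Exception):
    def __init__(self, retry_after):
        super().__init__(f"rate limited, retry after {retry_after}s")
        self.retry_after = retry_after   # Retry-After header, in seconds

class MenuGazeClient:
    def __init__(self, base_url):
        self.base_url = base_url.rstrip("/")
        self.token = None                # kept in memory only; never in a URL

    def _request(self, method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data, method=method)
        req.add_header("Content-Type", "application/json")
        if self.token:                   # Bearer scheme from "Using the Token"
            req.add_header("Authorization", f"Bearer {self.token}")
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            if err.code == 429:          # honour Retry-After instead of hammering
                raise RateLimited(int(err.headers.get("Retry-After", "0"))) from err
            if err.code in (400, 401):
                raise AuthError(f"{err.code} {err.read().decode(errors='replace')}") from err
            raise

    def login(self, email, password):
        _, payload = self._request("POST", "/api/auth/login",
                                   {"email": email, "password": password})
        self.token = payload["data"]["token"]
        return payload["data"]["user"]

# Constructed stand-in so the example runs offline. It is NOT MenuGaze's server: it
# mimics the documented login responses plus a hypothetical protected GET /api/me.
VALID = {"jane@example.com": "securepassword123"}
FAKE_TOKEN = "eyJhbGciOiJIUzI1NiIs.placeholder.signature"   # not a real JWT
LOGIN_LIMIT = 10                                             # docs: 10 per 15 min

class FakeApi(BaseHTTPRequestHandler):
    login_attempts = 0

    def log_message(self, *_):           # keep the run quiet
        pass

    def _send(self, status, body, extra=None):
        raw = json.dumps(body).encode()
        self.send_response(status)
        for name, value in {"Content-Type": "application/json",
                            "Content-Length": str(len(raw)), **(extra or {})}.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(raw)

    def do_POST(self):                   # only /api/auth/login is modelled
        FakeApi.login_attempts += 1
        if FakeApi.login_attempts > LOGIN_LIMIT:
            return self._send(429, {"success": False}, {"Retry-After": "900"})
        try:
            body = json.loads(self.rfile.read(int(self.headers.get("Content-Length", 0))))
            email, password = body["email"], body["password"]
        except (ValueError, KeyError, TypeError):
            return self._send(400, {"success": False, "error": "invalid body"})
        if VALID.get(email) != password:
            return self._send(401, {"success": False, "error": "invalid credentials"})
        self._send(200, {"success": True, "data": {
            "user": {"id": "uuid", "name": "Jane Smith", "email": email},
            "token": FAKE_TOKEN}})

    def do_GET(self):                    # hypothetical /api/me: Bearer check only
        if self.headers.get("Authorization") != f"Bearer {FAKE_TOKEN}":
            return self._send(401, {"success": False})
        self._send(200, {"success": True, "data": {"email": "jane@example.com"}})

def start_fake_server():
    server = HTTPServer(("127.0.0.1", 0), FakeApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"

def run_flow(base_url):
    """Walk the documented flow once and report what the client observed."""
    client, seen = MenuGazeClient(base_url), {}
    try:
        client.login("jane@example.com", "not-the-password")
    except AuthError as err:
        seen["wrong_password"] = str(err)[:3]
    seen["user"] = client.login("jane@example.com", "securepassword123")["email"]
    seen["with_token"] = client._request("GET", "/api/me")[0]
    try:                                 # burn through the login limit
        for _ in range(LOGIN_LIMIT):
            client.login("jane@example.com", "securepassword123")
    except RateLimited as err:
        seen["retry_after"] = err.retry_after
    return seen
```

Call run_flow(start_fake_server()) to see the sequence: the wrong password surfaces as a 401 AuthError, the good login yields a token that makes the Bearer-protected GET succeed, and the eleventh login within the window raises RateLimited carrying the Retry-After value. The separate RateLimited exception is deliberate: callers can sleep for retry_after seconds, whereas a generic error would invite an immediate retry loop that only extends the lockout.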