Authentication
Secure user registration, login, and session management with JWT tokens. All authentication endpoints use industry-standard security practices including Argon2 password hashing and account lockout protection.
The user model
The user model contains all the information about registered users, including their authentication status, profile information, and account security settings.
Properties
- id (string): Unique identifier for the user.
- email (string): User's email address (also serves as username).
- first_name (string): User's first name.
- last_name (string): User's last name.
- status (string): Account status: active, suspended, or pending_verification.
- email_verified (boolean): Whether the user's email address has been verified.
- last_login_at (timestamp): Timestamp of the user's last successful login.
- created_at (timestamp): Timestamp of when the user account was created.
Register user
Create a new user account in the system. Each email address can only be registered once.
Required attributes
- email (string): Valid email address that will serve as the login username.
- password (string): Secure password (minimum 8 characters).
- first_name (string): User's first name.
- last_name (string): User's last name.
Request
curl https://api.sandbox.whocomply.com/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john.doe@acmefintech.com",
    "password": "SecurePassword123!",
    "first_name": "John",
    "last_name": "Doe"
  }'
Response
{
  "success": true,
  "data": {
    "user": {
      "id": "user_01JB2M3N4P5Q6R7S8T9U0V",
      "email": "john.doe@acmefintech.com",
      "first_name": "John",
      "last_name": "Doe",
      "status": "active",
      "email_verified": false,
      "created_at": "2025-01-15T10:30:00Z"
    }
  },
  "message": "User registered successfully"
}
Login user
Authenticate a user and receive a JWT token for subsequent API calls. After 5 failed login attempts, the account is locked for 15 minutes.
Required attributes
- email (string): User's registered email address.
- password (string): User's password.
Request
curl https://api.sandbox.whocomply.com/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john.doe@acmefintech.com",
    "password": "SecurePassword123!"
  }'
Response
{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyXzAxSkIyTTNONFA1UTZSN1M4VDlVMFYiLCJlbWFpbCI6ImpvaG4uZG9lQGFjbWVmaW50ZWNoLmNvbSIsImV4cCI6MTczNjk0NzgwMH0.signature",
    "user": {
      "id": "user_01JB2M3N4P5Q6R7S8T9U0V",
      "email": "john.doe@acmefintech.com",
      "first_name": "John",
      "last_name": "Doe"
    }
  },
  "message": "Login successful"
}
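Added example (not part of this API's documentation or any official client): a Python helper that reads the exp claim from the token returned by login, so a client can log in again before the token expires. The function names and the 30-second clock-skew margin are assumptions; the claims are read without signature verification, so they are a scheduling hint only.

```python
import base64
import json
import time

# Token copied from the login response above. Its third segment is the literal
# placeholder "signature", so it is usable for parsing only.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiJ1c2VyXzAxSkIyTTNONFA1UTZSN1M4VDlVMFYi"
    "LCJlbWFpbCI6ImpvaG4uZG9lQGFjbWVmaW50ZWNoLmNvbSIs"
    "ImV4cCI6MTczNjk0NzgwMH0"
    ".signature"
)

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("JWT segment is not a JSON object")
    return value

def read_unverified_claims(token):
    """Return (header, claims) WITHOUT checking the signature.

    An API client does not hold the HS256 key, so these values are hints for
    scheduling a re-login, never a basis for authorization decisions.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return _b64url_json(parts[0]), _b64url_json(parts[1])

def seconds_until_expiry(token, now=None, skew=30):
    """Seconds left before exp, minus a clock-skew margin (assumed 30 s)."""
    _, claims = read_unverified_claims(token)
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("token has no numeric exp claim")
    now = time.time() if now is None else now
    return exp - skew - now

def needs_login(token, now=None):
    """True when the token is malformed, expired, or inside the skew margin."""
    try:
        return seconds_until_expiry(token, now) <= 0
    except ValueError:
        return True
```

The server remains the authority on token validity; the payload is only base64url-encoded, so anyone holding the token can read the email and user id it carries.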
Get current user
Retrieve information about the currently authenticated user. Requires a valid JWT token in the Authorization header.
Request
curl https://api.sandbox.whocomply.com/v1/user \
  -H "Authorization: Bearer {token}"
Response
{
  "success": true,
  "data": {
    "user": {
      "id": "user_01JB2M3N4P5Q6R7S8T9U0V",
      "email": "john.doe@acmefintech.com",
      "first_name": "John",
      "last_name": "Doe",
      "status": "active",
      "email_verified": true,
      "last_login_at": "2025-01-15T10:30:00Z",
      "created_at": "2025-01-14T08:15:00Z"
    }
  },
  "message": "User retrieved successfully"
}