Authentication API

The Authentication API provides user login, session management, and token handling.

Overview

Procedure	Type	Auth	Description
auth.login	Mutation	No	Login with email/password
auth.me	Query	Yes	Get current user info
auth.refreshToken	Mutation	Yes	Refresh JWT token
auth.logout	Mutation	No	Logout (client-side)

Procedures

auth.login

Authenticate a user and receive a JWT token.

Type: Mutation Auth Required: No

Input

{
  email: string;    // Valid email address
  password: string; // User password
}

Response

{
  token: string;
  user: {
    id: string;
    email: string;
    firstName: string;
    lastName: string;
    role: "ADMIN" | "OPERATOR" | "VIEWER";
  }
}

Example

curl -X POST "https://api.itms.solutions/trpc/auth.login" \
  -H "Content-Type: application/json" \
  -d '{
    "json": {
      "email": "admin@itms.solutions",
      "password": "Admin@123"
    }
  }'

Response Example

{
  "result": {
    "data": {
      "json": {
        "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
        "user": {
          "id": "admin-001",
          "email": "admin@itms.solutions",
          "firstName": "System",
          "lastName": "Administrator",
          "role": "ADMIN"
        }
      }
    }
  }
}

Errors

Code	Description
UNAUTHORIZED	Invalid email or password
INTERNAL_SERVER_ERROR	Database not available

---

auth.me

Get the currently authenticated user's information.

Type: Query Auth Required: Yes

Headers

Authorization: Bearer <jwt-token>

Response

{
  id: string;
  email: string;
  firstName: string;
  lastName: string;
  role: string;
  createdAt: string;
  updatedAt: string;
}

Example

curl -X GET "https://api.itms.solutions/trpc/auth.me" \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Errors

Code	Description
UNAUTHORIZED	No token provided or invalid token
NOT_FOUND	User not found

---

auth.refreshToken

Refresh an existing JWT token before it expires.

Type: Mutation Auth Required: Yes

Headers

Authorization: Bearer <current-jwt-token>

Response

{
  token: string;      // New JWT token
  expiresIn: number;  // Seconds until expiration (86400 = 24 hours)
  user: {
    id: string;
    email: string;
    firstName: string;
    lastName: string;
    role: string;
  }
}

Example

curl -X POST "https://api.itms.solutions/trpc/auth.refreshToken" \
  -H "Authorization: Bearer YOUR_CURRENT_TOKEN"

Errors

Code	Description
UNAUTHORIZED	Invalid or expired token

---

auth.logout

Logout the current user. This is primarily a client-side operation.

Type: Mutation Auth Required: No

Response

{
  success: boolean;
}

Example

curl -X POST "https://api.itms.solutions/trpc/auth.logout"

JWT Token Details

• Algorithm: HS256
• Expiration: 24 hours
• Payload Contents:
  • id - User ID
  • email - User email
  • role - User role
  • firstName - User first name
  • lastName - User last name
  • exp - Expiration timestamp

User Roles

Role	Description
ADMIN	Full system access
OPERATOR	Can manage sensors and view reports
VIEWER	Read-only access

Password Security

• Passwords are hashed using bcrypt
• Minimum recommended: 8 characters
• Salt rounds: 10