Authentication API
The Authentication API handles user login, registration, email OTP verification, and session management.
Overview
All API requests require authentication via Bearer tokens. Obtain a token by calling the login endpoint with valid credentials.
Base URL: https://api.tracknexus.in/v1
All requests must include:
- **Authorization** header with Bearer token
- **Content-Type** header set to application/json
POST /auth/login
Authenticate a user and receive an access token.
**Request Body:**
- **email** (string, required) — User email address
- **password** (string, required) — User password
**Response (200 OK):**
- accessToken — JWT access token (expires in 1 hour)
- refreshToken — Refresh token (expires in 30 days)
- user — User profile object
**Error Responses:**
- 401 — Invalid credentials
- 429 — Too many login attempts (rate limited)
POST /auth/refresh
Refresh an expired access token.
**Request Body:**
- **refreshToken** (string, required) — Valid refresh token
**Response (200 OK):**
- accessToken — New JWT access token
- refreshToken — New refresh token
**Error Responses:**
- 401 — Invalid or expired refresh token
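A client-side sketch of the login and refresh flow documented above, added here as an example and not TrackNexus code. The `post` transport, the class and exception names, the 60-second skew, and calling these two endpoints without a Bearer token are assumptions; the paths, field names and one-hour lifetime come from this page.

```python
import time

BASE_URL = "https://api.tracknexus.in/v1"  # from this page
ACCESS_TTL = 3600  # seconds; the page says access tokens expire in 1 hour
SKEW = 60          # assumption: refresh one minute before expiry

class AuthError(Exception):
    """401: credentials or refresh token rejected; the user must log in again."""

class RateLimited(Exception):
    """429: too many login attempts; back off instead of retrying at once."""

class TokenSession:
    # post(url, json_body, headers) -> (status, body_dict) is a hypothetical
    # transport supplied by the caller, e.g. a thin wrapper over an HTTP library.
    def __init__(self, post, clock=time.monotonic):
        self.post, self.clock = post, clock
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _call(self, path, payload):
        status, body = self.post(BASE_URL + path, payload,
                                 {"Content-Type": "application/json"})
        if status == 429:
            raise RateLimited(path)
        if status != 200:
            # Drop both tokens so a rejected session is never reused.
            self.access = self.refresh = None
            raise AuthError(f"{path} returned {status}")
        # Login and refresh both return a fresh pair; the new refresh token
        # replaces the stored one so the next refresh presents the latest value.
        self.access, self.refresh = body["accessToken"], body["refreshToken"]
        self.expires_at = self.clock() + ACCESS_TTL - SKEW

    def login(self, email, password):
        self._call("/auth/login", {"email": email, "password": password})

    def auth_headers(self):
        """Headers for an authenticated request, refreshing first if due."""
        if self.refresh is None:
            raise AuthError("not logged in")
        if self.clock() >= self.expires_at:
            self._call("/auth/refresh", {"refreshToken": self.refresh})
        return {"Authorization": f"Bearer {self.access}",
                "Content-Type": "application/json"}
```

Keep the stored tokens out of logs and error messages; the exceptions here carry only the path and status code.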
Email OTP Endpoints
Email OTP authentication endpoints:
- **POST /auth/check-mfa** — Send a 6-digit OTP code to the user's email
- **POST /auth/login-mfa** — Verify the OTP code and complete login
OTP codes expire after 15 minutes with a maximum of 3 verification attempts.