Family Pocket Authentication API

Complete API endpoint documentation

Base URL: /api

Authentication (9 endpoints)

POST /api/auth/login

User login with email/national ID and password. Supports biometric login. Returns JWT tokens, user data, accessible tenants, current tenant, app version, and Google Maps API key.

Auth: None (public)
Rate Limit: Yes (strict)

PUT /api/auth/login

Refresh access token using a refresh token. Returns new access and refresh tokens.

Auth: None (public)
Rate Limit: Yes

PATCH /api/auth/login

Switch the active tenant for a user. Requires authentication and validates that the user has access to the target tenant.

Auth: Required (JWT)
Rate Limit: Yes

DELETE /api/auth/login

Logout user. Invalidates the current access token and clears session.

Auth: Required (JWT)
Rate Limit: No

POST /api/auth/forgot-password

Reset user password without authentication. Requires national ID, email, phone, and new password for verification. This is a password reset endpoint, not a password change endpoint.

Auth: None (public)
Rate Limit: Yes (5 requests per 5 minutes)

POST /api/auth/change-password (Not Implemented)

Change password for authenticated user. Requires current password and new password. User must be logged in.

Auth: Required (JWT)
Rate Limit: Yes

POST /api/auth/change-email (Not Implemented)

Change email address for authenticated user. Requires current password and new email address. May require email verification.

Auth: Required (JWT)
Rate Limit: Yes

POST /api/auth/verify-email (Not Implemented)

Verify email address using verification token sent to user's email. Required after email change or registration.

Auth: None (public)
Rate Limit: Yes

POST /api/auth/resend-verification (Not Implemented)

Resend email verification token to user's email address. Useful if verification email was not received.

Auth: Required (JWT)
Rate Limit: Yes (3 requests per hour)
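
The two numeric limits stated above (5 requests per 5 minutes on forgot-password, 3 requests per hour on resend-verification), enforced with a sliding-window limiter. This is an added example, not Family Pocket's own code. The page does not say what the limits are keyed on, so counting each request against both the client address and the targeted account is an assumption, as are all class, function and key names.

```javascript
// Added example, not the project's code. Limits are the two stated on this page.
const LIMITS = {
  "POST /api/auth/forgot-password": { max: 5, windowMs: 5 * 60 * 1000 },
  "POST /api/auth/resend-verification": { max: 3, windowMs: 60 * 60 * 1000 },
};

class SlidingWindowLimiter {
  constructor(limits) {
    this.limits = limits;
    this.hits = new Map(); // bucket key -> ascending request timestamps (ms)
  }

  // Timestamps for a bucket that are still inside the window; expired ones are dropped.
  live(bucket, windowMs, now) {
    const kept = (this.hits.get(bucket) || []).filter((t) => now - t < windowMs);
    if (kept.length) this.hits.set(bucket, kept);
    else this.hits.delete(bucket);
    return kept;
  }

  // keys: every identity the request counts against. Assumption: the caller
  // passes both the client address and the targeted account.
  // The request is recorded only if every bucket still has room.
  check(route, keys, now = Date.now()) {
    const rule = this.limits[route];
    if (!rule) return { allowed: true, retryAfterSec: 0 };
    const buckets = keys.map((k) => `${route}|${k}`);
    let waitMs = 0;
    for (const b of buckets) {
      const kept = this.live(b, rule.windowMs, now);
      // A full bucket frees a slot when its oldest hit leaves the window.
      if (kept.length >= rule.max) waitMs = Math.max(waitMs, kept[0] + rule.windowMs - now);
    }
    if (waitMs > 0) return { allowed: false, retryAfterSec: Math.ceil(waitMs / 1000) };
    for (const b of buckets) this.hits.set(b, [...(this.hits.get(b) || []), now]);
    return { allowed: true, retryAfterSec: 0 };
  }
}

// Constructed input: six requests for one account, each from a different address.
function demo() {
  const limiter = new SlidingWindowLimiter(LIMITS);
  const t0 = 1700000000000;
  const results = [];
  for (let i = 0; i < 6; i++) {
    const keys = [`ip:203.0.113.${i + 1}`, "acct:EXAMPLE-ID"];
    results.push(limiter.check("POST /api/auth/forgot-password", keys, t0 + i * 1000));
  }
  return results;
}
```

In the constructed run the sixth request is refused because the account bucket is full, although no single address sent more than one request.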

Configuration (6 endpoints)

Tenants (25 endpoints)

Notifications (1 endpoint)

Users (4 endpoints)

Agents (16 endpoints)