Authentication

LabTrace uses JWT (JSON Web Tokens) for authentication. All API endpoints except authentication-related ones require a valid JWT token in the Authorization header.

Authentication Flow

  1. Register a new user account
  2. Login with email and password to receive a JWT token
  3. Include the JWT token in the Authorization header for all subsequent requests
  4. Use password reset functionality if needed

Headers

For authenticated requests, include the JWT token in the Authorization header:
Authorization: Bearer YOUR_JWT_TOKEN_HERE

Login

POST /login

Authenticate a user and receive a JWT token

Request Body

{
  "email": "[email protected]",
  "password": "your-password"
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Example

curl -X POST https://api.labtrace.io/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]", 
    "password": "your-password"
  }'

User Registration

POST /users

Register a new user account

Request Body

{
  "name": "John",
  "lastName": "Doe",
  "email": "[email protected]",
  "password": "secure-password",
  "organisation": "Research Institute",
  "location": "New York"
}

Response

{
  "info": {
    "statusCode": 200,
    "responseMessage": "User created"
  }
}

Example

curl -X POST https://api.labtrace.io/users \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John",
    "lastName": "Doe",
    "email": "[email protected]",
    "password": "secure-password",
    "organisation": "Research Institute",
    "location": "New York"
  }'

Account Activation

GET /users/activation/{token}

Activate a user account using the token sent via email

Parameters

  • token (path): Activation token received via email

Response

{
  "info": {
    "statusCode": 200,
    "responseMessage": "Account has been activated."
  }
}

Password Reset

Request Password Reset

GET /users/forgot-password/{email}

Request a password reset email

Parameters

  • email (path): User’s email address

Response

{
  "info": {
    "statusCode": 200,
    "responseMessage": "Password reset email sent"
  }
}

Reset Password

POST /users/reset-password/{token}

Reset password using the token sent via email

Parameters

  • token (path): Password reset token received via email

Request Body

{
  "password": "new-secure-password"
}

Response

{
  "info": {
    "statusCode": 200,
    "responseMessage": "Password has been changed."
  }
}

Example

curl -X POST https://api.labtrace.io/users/reset-password/RESET_TOKEN \
  -H "Content-Type: application/json" \
  -d '{
    "password": "new-secure-password"
  }'

Error Responses

All authentication endpoints may return the following error responses:

400 Bad Request

{
  "error": {
    "statusCode": 400,
    "message": "Invalid request parameters"
  }
}

401 Unauthorized

{
  "error": {
    "statusCode": 401,
    "message": "Invalid credentials"
  }
}

500 Internal Server Error

{
  "error": {
    "statusCode": 500,
    "message": "Internal server error"
  }
}

JWT Token Information

JWT tokens contain the following claims:

  • id: User ID
  • email: User email
  • iat: Issued at timestamp
  • exp: Expiration timestamp

Tokens are valid for 24 hours. Once a token expires, log in again to obtain a new one.
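
Client-side handling of the expiry described above, as an added example that is not part of LabTrace's own code: it reads the exp claim to decide when to log in again and builds the Authorization header. The function names, the 60-second margin and the sample token (with a fake signature) are assumptions; the payload is decoded without signature verification, so the result is a scheduling hint only and the server remains the authority on token validity.

```python
import base64
import json
import time

def decode_claims(token):
    """Read JWT payload claims WITHOUT verifying the signature (client-side hint only)."""
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    # base64 and JSON decoding errors are both ValueError subclasses
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def needs_login(token, now=None, margin=60):
    """True if the token is malformed, has no usable exp, or expires within margin seconds."""
    now = time.time() if now is None else now
    try:
        exp = decode_claims(token).get("exp")
    except ValueError:
        return True
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True
    return now >= exp - margin

def auth_header(token, now=None):
    """Build the Authorization header, refusing tokens that should be renewed first."""
    if needs_login(token, now):
        raise PermissionError("token expired or unusable; call POST /login again")
    return {"Authorization": f"Bearer {token}"}

def _b64url(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (fake signature) carrying the four claims listed above;
# exp is set 24 hours after iat to match the documented lifetime.
ISSUED = 1_700_000_000
SAMPLE = ".".join([
    _b64url({"alg": "HS256", "typ": "JWT"}),
    _b64url({"id": 42, "email": "user@example.test",
             "iat": ISSUED, "exp": ISSUED + 24 * 3600}),
    "constructed-signature",
])
```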