Authentication
Endpoints for account registration, login, token management, and logout. All endpoints on this page are public unless noted.
Register driver
POST /api/register/driver
Creates a new driver account and returns a token pair.
Request body
```json
{
  "firstName": "Marcus",
  "lastName": "Bell",
  "email": "marcus@example.com",
  "password": "strongpassword",
  "phoneNumber": "+14165550101",
  "licenseNumber": "D9382710"
}
```
Response 200 OK
```json
{
  "email": "marcus@example.com",
  "access_token": "<jwt>",
  "refresh_token": "<uuid>"
}
```
Register customer
POST /api/register/customer
Creates a new customer account and returns a token pair.
Request body
```json
{
  "firstName": "Jane",
  "lastName": "Doe",
  "email": "jane@example.com",
  "password": "strongpassword",
  "phoneNumber": "+14165550100"
}
```
Response 200 OK
```json
{
  "email": "jane@example.com",
  "access_token": "<jwt>",
  "refresh_token": "<uuid>"
}
```
Login
POST /api/login
Authenticates a user. Revokes all existing tokens before issuing a new pair.
Request body
```json
{
  "email": "jane@example.com",
  "password": "strongpassword"
}
```
Response 200 OK
```json
{
  "email": "jane@example.com",
  "statusCode": 200,
  "access_token": "<jwt>",
  "refresh_token": "<uuid>"
}
```
Refresh tokens
POST /api/auth/refresh
Exchanges a valid refresh token for a new access + refresh token pair. The submitted refresh token is immediately revoked (rotation).
Request body
```json
{
  "refreshToken": "a3f9c2d1-1234-5678-abcd-ef0123456789"
}
```
Response 200 OK
```json
{
  "access_token": "<new-jwt>",
  "refresh_token": "<new-uuid>"
}
```
Error responses
| Status | Condition |
|---|---|
| 400 Bad Request | refreshToken field is blank |
| 409 Conflict | Token is revoked, expired, or not found |
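The rotation and revocation rules documented on this page can be modelled in a few lines. This is an added example, not the project's own code: the class and method names, the in-memory dict, and the one-hour lifetime are assumptions, and password checks and JWT access tokens are left out so only the refresh-token lifecycle is shown.

```python
import time
import uuid


class RefreshTokenStore:
    """Hypothetical in-memory model of the documented refresh-token lifecycle."""

    def __init__(self, ttl_seconds=3600, clock=time.time):  # TTL value is an assumption
        self._tokens = {}  # token -> {"user", "expires", "revoked"}
        self._ttl = ttl_seconds
        self._clock = clock

    def _issue(self, user):
        token = str(uuid.uuid4())
        self._tokens[token] = {
            "user": user,
            "expires": self._clock() + self._ttl,
            "revoked": False,
        }
        return token

    def revoke_all(self, user):
        """Logout rule: revoke every token held by the user."""
        for record in self._tokens.values():
            if record["user"] == user:
                record["revoked"] = True

    def login(self, user):
        """Login rule: revoke all existing tokens, then issue a new one."""
        self.revoke_all(user)
        return self._issue(user)

    def refresh(self, refresh_token):
        """Return (status, new_refresh_token) following the error table."""
        if not refresh_token or not refresh_token.strip():
            return 400, None  # blank refreshToken field
        record = self._tokens.get(refresh_token)
        if record is None or record["revoked"] or record["expires"] <= self._clock():
            return 409, None  # revoked, expired, or not found
        record["revoked"] = True  # rotation: the submitted token is revoked immediately
        return 200, self._issue(record["user"])
```

A client that receives 409 on refresh cannot recover with the same token; it has to send the user back through `POST /api/login`.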
Logout
POST /api/logout 🔒 Authenticated
Revokes all active tokens for the authenticated user.
Request body: none
Response 200 OK
```json
{ "statusCode": 200 }
```