Customer Login API

This endpoint allows customers to authenticate and obtain access tokens for the FinHub platform.

Authentication Flow

The login process follows these steps:

  1. Client submits credentials (username/email and password)
  2. Server validates credentials
  3. If valid, server returns access and refresh tokens
  4. Client stores tokens for subsequent API calls

Request Example

{
  "username": "customer@example.com",
  "password": "securePassword123",
  "deviceId": "device-unique-identifier",
  "ipAddress": "192.168.1.1"
}

Response Example

{
  "status": "success",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "user": {
      "id": "usr_12345abcde",
      "email": "customer@example.com",
      "firstName": "John",
      "lastName": "Doe",
      "role": "customer"
    }
  }
}

Error Codes

  Code  Description
  401   Invalid credentials
  403   Account locked
  429   Too many login attempts

Security Considerations

  • Implement rate limiting to prevent brute force attacks
  • Store tokens securely (HttpOnly cookies or secure storage)
  • Consider implementing MFA for enhanced security
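An added example, not FinHub's own code: a server-side login handler that implements the flow above, returns the three documented error codes, and applies the rate limiting and account lockout recommended here. The in-memory account store, fixed salt, thresholds, and the choice to throttle on the server-observed peer address rather than the body's ipAddress field are assumptions, and opaque random strings stand in for the JWTs shown in the response example.

```python
import hashlib, hmac, json, secrets, time

# Constructed demo account store, not FinHub's backend. Passwords are kept as
# salted PBKDF2 hashes; the fixed salt only keeps the example self-contained.
SALT = b"constructed-demo-salt"

def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

ACCOUNTS = {"customer@example.com": {
    "id": "usr_12345abcde", "firstName": "John", "lastName": "Doe", "role": "customer",
    "pw_hash": hash_password("securePassword123"), "locked": False, "failures": 0}}
DUMMY_HASH = hash_password(secrets.token_hex(16))  # compared when the user is unknown

MAX_ATTEMPTS, WINDOW_SECONDS, LOCK_AFTER = 5, 60, 10  # assumed thresholds
_attempts = {}  # "client_ip|username" -> timestamps of recent attempts

def _rate_limited(key, now):
    recent = [t for t in _attempts.get(key, []) if now - t < WINDOW_SECONDS]
    recent.append(now)
    _attempts[key] = recent
    return len(recent) > MAX_ATTEMPTS

def login(body, client_ip, now=None):
    """Return (http_status, response_dict). client_ip is the peer address the
    server observed; the body's ipAddress field is client-supplied, so it is
    logged at most and never used as the throttling key."""
    now = time.time() if now is None else now
    req = json.loads(body)
    username = req.get("username", "")
    if _rate_limited(f"{client_ip}|{username}", now):
        return 429, {"status": "error", "message": "Too many login attempts"}
    acct = ACCOUNTS.get(username)
    if acct and acct["locked"]:
        return 403, {"status": "error", "message": "Account locked"}
    # Hash and compare in constant time even for unknown users, so neither
    # timing nor the error text reveals which usernames exist.
    candidate = hash_password(req.get("password", ""))
    if not hmac.compare_digest(candidate, acct["pw_hash"] if acct else DUMMY_HASH):
        if acct:
            acct["failures"] += 1
            acct["locked"] = acct["failures"] >= LOCK_AFTER
        return 401, {"status": "error", "message": "Invalid credentials"}
    acct["failures"] = 0
    user = {k: acct[k] for k in ("id", "firstName", "lastName", "role")}
    user["email"] = username
    return 200, {"status": "success", "data": {  # opaque tokens stand in for JWTs
        "accessToken": secrets.token_urlsafe(32), "refreshToken": secrets.token_urlsafe(32),
        "expiresIn": 3600, "tokenType": "Bearer", "user": user}}
```

The `now` parameter exists only so the throttling window can be exercised deterministically; a real deployment would also persist the attempt counters outside the process.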