🔐 Authentication

The Praxis API uses JWT (JSON Web Tokens) for authentication. All API requests (except login/register) require a valid token.

Register a New Account

POST /api/auth/register

Request Body

{
  "email": "john@example.com",
  "password": "securePassword123",
  "firstName": "John",
  "lastName": "Doe",
  "firmName": "Doe & Associates"
}

firmName is optional.

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "john@example.com",
    "firstName": "John",
    "lastName": "Doe",
    "role": "admin",
    "firmId": "660e8400-e29b-41d4-a716-446655440001"
  },
  "firm": {
    "id": "660e8400-e29b-41d4-a716-446655440001",
    "name": "Doe & Associates",
    "subscriptionTier": "trial",
    "subscriptionExpiry": "2026-02-15T00:00:00Z"
  }
}

Login

POST /api/auth/login

Request Body

{
  "email": "john@example.com",
  "password": "securePassword123"
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": { ... },
  "firm": { ... }
}

Error Responses

Status | Error                     | Description
------ | ------------------------- | --------------------------------------
401    | Invalid email or password | Credentials don't match
401    | Account is disabled       | User account has been deactivated
401    | Firm account is disabled  | Firm subscription expired or disabled

Using the Token

Include the token in the Authorization header for all authenticated requests:

GET /api/cases HTTP/1.1
Host: cloud.praxislegal.be
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Example with cURL

curl -X GET "https://cloud.praxislegal.be/api/cases" \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

Example with JavaScript

const response = await fetch('https://cloud.praxislegal.be/api/cases', {
  headers: {
    'Authorization': `Bearer ${token}`
  }
});
const data = await response.json();

Get Current User

GET /api/auth/me

Returns the currently authenticated user and firm information.

Response

{
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "john@example.com",
    "firstName": "John",
    "lastName": "Doe",
    "role": "admin",
    "firmId": "660e8400-e29b-41d4-a716-446655440001"
  },
  "firm": {
    "id": "660e8400-e29b-41d4-a716-446655440001",
    "name": "Doe & Associates",
    "subscriptionTier": "professional",
    "subscriptionExpiry": "2027-01-15T00:00:00Z"
  }
}

Change Password

POST /api/auth/change-password

Request Body

{
  "currentPassword": "oldPassword123",
  "newPassword": "newSecurePassword456"
}

Response

{
  "message": "Password changed successfully"
}

Token Expiration

JWT tokens expire after 24 hours. When a token expires, you'll receive a 401 response:

{
  "error": "Token expired"
}

Simply call the login endpoint again to obtain a new token.
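The following Node.js client ties the "Using the Token" and "Token Expiration" sections together. It is an added example, not code from the Praxis docs or the Praxis project. It assumes that the JWT payload carries a standard exp claim in seconds since the epoch (the page does not say so), and it injects fetch so the flow can run offline against a constructed fake server; the fake server, its clock, the placeholder signature and the sample case list are all constructed for the demonstration. Two points matter for security: the client reads exp only to schedule a refresh and never treats an unverified claim as proof of anything (only the server's signature check decides validity), and it retries a 401 "Token expired" exactly once, so clock skew is handled without a retry loop.

```javascript
// Added example (not part of the Praxis docs): a client that logs in, sends the
// Bearer token, and re-authenticates when the token expires. Assumed, not stated on
// the page: the JWT payload carries a standard "exp" claim (seconds since epoch).
// fetch is injected so the flow can run offline against a constructed fake server.
const BASE_URL = 'https://cloud.praxislegal.be';
const TOKEN_LIFETIME_MS = 24 * 60 * 60 * 1000; // "JWT tokens expire after 24 hours"

function base64UrlEncode(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return Buffer.from(b64 + '='.repeat((4 - (b64.length % 4)) % 4), 'base64').toString('utf8');
}

// Read "exp" from the payload WITHOUT verifying the signature. The client only uses it
// to refresh early; whether a token is valid is decided by the server's verification.
function tokenExpiresAt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const { exp } = JSON.parse(base64UrlDecode(parts[1]));
    return Number.isInteger(exp) ? exp * 1000 : null;
  } catch {
    return null;
  }
}

class PraxisClient {
  constructor(fetchImpl, now = () => Date.now()) {
    this.fetch = fetchImpl;
    this.now = now; // injectable clock, so expiry and skew can be simulated
    this.token = null;
    this.credentials = null;
  }

  async login(email, password) {
    const res = await this.fetch(`${BASE_URL}/api/auth/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ email, password }),
    });
    const body = await res.json();
    if (res.status !== 200) throw new Error(`login failed (${res.status}): ${body.error}`);
    this.token = body.token;
    this.credentials = { email, password }; // held in memory only, for re-login
    return body.user;
  }

  async send(path) {
    const res = await this.fetch(`${BASE_URL}${path}`, {
      headers: { Authorization: `Bearer ${this.token}` },
    });
    return { status: res.status, body: await res.json() };
  }

  // Authenticated GET: refresh proactively when exp is near, and retry exactly once
  // on "Token expired" (covers clock skew); never loop on repeated 401s.
  async get(path) {
    if (!this.credentials) throw new Error('call login() first');
    const exp = this.token ? tokenExpiresAt(this.token) : null;
    if (!this.token || (exp !== null && exp - this.now() < 60 * 1000)) {
      await this.login(this.credentials.email, this.credentials.password);
    }
    let reply = await this.send(path);
    if (reply.status === 401 && reply.body.error === 'Token expired') {
      await this.login(this.credentials.email, this.credentials.password);
      reply = await this.send(path);
    }
    return reply;
  }
}

// Constructed stand-in for the server, for offline demonstration only. It tracks issued
// tokens in memory with a placeholder signature; a real server signs and verifies them.
function makeFakeServer(clock) {
  const issued = new Map(); // token -> expiry (ms)
  const server = { loginCount: 0, expiredRejections: 0 };
  const reply = (status, body) => ({ status, json: async () => body });
  server.fetch = async (url, options = {}) => {
    if (new URL(url).pathname === '/api/auth/login') {
      server.loginCount += 1;
      const { email, password } = JSON.parse(options.body);
      if (email !== 'john@example.com' || password !== 'securePassword123') {
        return reply(401, { error: 'Invalid email or password' });
      }
      const exp = Math.floor((clock.t + TOKEN_LIFETIME_MS) / 1000);
      const payload = { sub: '550e8400-e29b-41d4-a716-446655440000', exp };
      const token = `${base64UrlEncode('{"alg":"HS256","typ":"JWT"}')}.` +
        `${base64UrlEncode(JSON.stringify(payload))}.placeholder-sig-${server.loginCount}`;
      issued.set(token, exp * 1000);
      return reply(200, { token, user: { email, role: 'admin' }, firm: { name: 'Doe & Associates' } });
    }
    const auth = (options.headers && options.headers.Authorization) || '';
    const token = auth.startsWith('Bearer ') ? auth.slice(7) : null;
    if (!token || !issued.has(token)) return reply(401, { error: 'Unauthorized' }); // constructed text
    if (issued.get(token) <= clock.t) {
      server.expiredRejections += 1;
      return reply(401, { error: 'Token expired' });
    }
    return reply(200, [{ id: 'case-1', title: 'constructed sample case' }]);
  };
  return server;
}

// Walk through both refresh paths. skewMs: how far the client clock lags the server.
async function demo(skewMs) {
  const clock = { t: Date.parse('2026-01-01T00:00:00Z') }; // constructed server clock
  const server = makeFakeServer(clock);
  const client = new PraxisClient(server.fetch, () => clock.t - skewMs);
  await client.login('john@example.com', 'securePassword123');
  const first = await client.get('/api/cases');
  clock.t += TOKEN_LIFETIME_MS + 30 * 60 * 1000; // the server now sees the token as expired
  const second = await client.get('/api/cases');
  return { first: first.status, second: second.status,
           logins: server.loginCount, expiredRejections: server.expiredRejections };
}

demo(0).then(console.log);                  // exp read locally -> refreshed before any 401
demo(2 * 60 * 60 * 1000).then(console.log); // client 2h behind -> 401 Token expired -> one retry
```

With no clock skew the client re-logs in before the server ever answers 401; with the client two hours behind, the local exp check is fooled, the server answers 401 "Token expired", and the single retry recovers. Against the real API, pass the global fetch instead of the fake one; the credentials stay in process memory and are never logged.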

Security Best Practices
