
Auth Service — OpenAPI

The auth service handles email/password login and JWT token exchange. It stores users in PostgreSQL (the users table) and verifies passwords with bcrypt.

Accessing the Spec

  • Swagger UI: http://localhost:8009/docs
  • ReDoc: http://localhost:8009/redoc
  • OpenAPI JSON: http://localhost:8009/openapi.json

These URLs access the service directly (port 8009), bypassing the API gateway. In production, use the gateway at port 8000.

Route Prefixes

  • /auth/token — Exchange email + password for a JWT token
  • /auth/validate — Validate a JWT token (used by the API gateway on every request)
  • /auth/forward-auth — Method-agnostic check of the aegis_token cookie or Bearer header (used by Caddy)

Key models: TokenRequest (email, password), TokenResponse (access_token, token_type, expires_in, user_id, role), ValidateResponse (valid, user_id, role).
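
The check that /auth/forward-auth and /auth/validate are described as performing, sketched as an added example (not the service's own code). It assumes HS256-signed tokens carrying `sub`, `role` and `exp` claims and that the Bearer header takes precedence over the cookie; the page states none of these, and `SECRET` and `SAMPLE` are constructed values.

```python
import base64, hashlib, hmac, json, time

COOKIE_NAME = "aegis_token"  # cookie name given on this page

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def extract_token(headers):
    """Bearer header first (assumed precedence), then the aegis_token cookie."""
    h = {k.lower(): v for k, v in headers.items()}
    scheme, _, value = h.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        return value.strip()
    for pair in h.get("cookie", "").split(";"):
        name, _, value = pair.strip().partition("=")
        if name == COOKIE_NAME and value:
            return value
    return None

def validate(token, secret, now=None):
    """Return a ValidateResponse-shaped dict (valid, user_id, role)."""
    invalid = {"valid": False, "user_id": None, "role": None}
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return invalid  # pin the algorithm; never trust the header's choice
        mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64url_decode(sig)):
            return invalid
        claims = json.loads(b64url_decode(body))
        if claims["exp"] <= (time.time() if now is None else now):
            return invalid
        return {"valid": True, "user_id": claims["sub"], "role": claims["role"]}
    except (AttributeError, ValueError, KeyError, TypeError):
        return invalid  # missing or malformed token: fail closed

def make_token(claims, secret, alg="HS256"):
    """Build a constructed sample token (demo helper, assumed claim layout)."""
    parts = [b64url_encode(json.dumps(o).encode()) for o in ({"alg": alg, "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

SECRET = b"constructed-demo-secret"  # assumption: shared HS256 key
SAMPLE = make_token({"sub": "dev-user-001", "role": "admin", "exp": 2000}, SECRET)
print(validate(extract_token({"Cookie": "theme=dark; aegis_token=" + SAMPLE}), SECRET, now=1000))
```

Every failure path returns the same `valid: false` response, so a caller cannot distinguish a bad signature from an expired or malformed token.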

For local development, log in with admin@aegis.local / aegis-dev-admin (the seeded bootstrap admin), which maps to dev-user-001 with the admin role.
