Login

POST /api/auth/login
{
  "email": "user@company.com",
  "password": "your-password"
}
Response:
{
  "token": "tok_abc123...",
  "email": "user@company.com",
  "tenantId": "uuid-here",
  "expiresAt": "2026-03-16T20:00:00Z"
}

Signup

POST /api/auth/signup
{
  "company": "Acme Corp",
  "email": "admin@acme.com",
  "password": "min-8-characters"
}
Response:
{
  "status": "created",
  "tenantId": "uuid-here",
  "email": "admin@acme.com",
  "plan": "trial",
  "apiKey": "cg_abc123...",
  "token": "tok_xyz789...",
  "message": "Welcome to ChangeGuard! Save your API key — it cannot be retrieved again."
}
The apiKey is returned only once. Save it immediately.

Verify Token

POST /api/auth/verify
{ "token": "tok_abc123..." }

Refresh Token

POST /api/auth/refresh
{ "token": "tok_abc123..." }
Returns a new token. The old token is revoked. Sessions last 8 hours and auto-refresh when less than 10 minutes remain.
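
An added example (not ChangeGuard's own client code) of handling this rotation on the client: because the old token is revoked on refresh, concurrent callers have to share a single refresh and all pick up the new token. The `Session` class and the `post` transport callable are hypothetical; the refresh reply having the same shape as the login response, and an expired token requiring a fresh login, are assumptions.

```python
import threading
from datetime import datetime, timedelta, timezone

REFRESH_WINDOW = timedelta(minutes=10)  # from the page: refresh when < 10 min remain


def parse_expiry(value):
    """Parse expiresAt (ISO 8601 with trailing Z) into an aware UTC datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


class Session:
    """Holds the current bearer token and rotates it inside the refresh window."""

    def __init__(self, login_response, post):
        # post(path, body) -> dict is a hypothetical transport callable (assumption).
        self._post = post
        self._lock = threading.Lock()
        self._token = login_response["token"]
        self._expires = parse_expiry(login_response["expiresAt"])

    def __repr__(self):
        # Keep the bearer token out of logs and tracebacks.
        return f"<Session expires={self._expires.isoformat()}>"

    def needs_refresh(self, now):
        return self._expires - now < REFRESH_WINDOW

    def token(self, now=None):
        """Return a usable token, refreshing first if inside the window."""
        now = now or datetime.now(timezone.utc)
        with self._lock:
            # Checked under the lock: if another thread already rotated, the
            # token it sent is revoked and must not be sent a second time.
            if self.needs_refresh(now):
                if self._expires <= now:
                    # Assumption: an expired token cannot be refreshed.
                    raise PermissionError("session expired; log in again")
                reply = self._post("/api/auth/refresh", {"token": self._token})
                # Assumption: the reply carries token and expiresAt like login.
                self._token = reply["token"]
                self._expires = parse_expiry(reply["expiresAt"])
            return self._token
```

Pass the value from `token()` as the `Authorization: Bearer` header on each request rather than caching it elsewhere, so no caller keeps a revoked token.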

Change Password

POST /api/auth/password
Authorization: Bearer TOKEN
{
  "currentPassword": "old-password",
  "newPassword": "new-password-min-8"
}