This document describes the authentication routes that Rodauth provides along with the possible params for JSON requests.
\nSome things to take note of:
\nThe Accept: application/json header is required by default, unless you explicitly disable checking it via json_check_accept? false
The params depend on the options set in the configuration for each feature. This will be stated in the description of each param.
\nIf you're using the jwt feature, you'll have to include the token in the Authentication header of requests that require authentication. The format is \"Bearer #{jwt}\"
The login param is email by default if you're using rodauth-rails. For redundancy, it'll be stated in the description of each endpoint that uses the param.
Written by Samuelodan with help from Janko Marohnić
\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[],"owner":"26686011","collectionId":"316b387c-d8ea-4a18-be44-95df64761403","publishedId":"2s9YC7SWn9","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2025-08-06T16:46:11.000Z"},"item":[{"name":"create-account","id":"bb1338e0-9ee1-424a-8c29-c60713f4f58f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"login\": \"testuser2@example.com\",\n \"password\": \"password\",\n \"password-confirm\": \"password\"\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:3000/create-account","description":"This is the endpoint for creating a new account. The required params depend on the options set in the configuration for this feature.
\nAfter sign up, the user gets an email with an account verification link that contains a key which will be sent to this endpoint to verify the user.
\n","urlObject":{"path":["verify-account"],"host":["http://127.0.0.1:3000"],"query":[],"variable":[]}},"response":[{"id":"288504f4-e454-4060-86df-f7cfa15ea661","name":"successfully / 200","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"key\":\"12_ZHjDhRsul7jsMahi2LWWtCvo5Am85So6lbYe-AKIx_A\"\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:3000/verify-account"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Authorization","value":"eyJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50X2lkIjoxMiwiYXV0aGVudGljYXRlZF9ieSI6WyJhdXRvbG9naW4iXSwiYXV0b2xvZ2luX3R5cGUiOiJ2ZXJpZnlfYWNjb3VudCJ9.GvAoDn6bvTxyG0GKppOFvecMVdJxbpZb1YC1KjegbY0"},{"key":"Content-Type","value":"application/json"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-XSS-Protection","value":"0"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"Referrer-Policy","value":"strict-origin-when-cross-origin"},{"key":"ETag","value":"W/\"3e779fcfb61327a1a994f1b452d3b0a3\""},{"key":"Cache-Control","value":"max-age=0, private, must-revalidate"},{"key":"X-Request-Id","value":"bf1e3f0d-bbf3-4b5d-bfc8-c583b6502612"},{"key":"X-Runtime","value":"0.064166"},{"key":"Server-Timing","value":"start_processing.action_controller;dur=0.42, sql.active_record;dur=19.51, process_action.action_controller;dur=39.96"},{"key":"Content-Length","value":"44"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": \"Your account has been verified\"\n}"}],"_postman_id":"d08c652f-0407-4658-9b31-4ea3a777afef"},{"name":"login","id":"3febd9a6-27b9-4526-be19-c228e75d9b6d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"login\": \"testuser2@example.com\",\n \"password\": \"password\"\n}"},"url":"http://127.0.0.1:3000/login","description":"The account has to be verfied to be successfully logged in, and for this endpoint, the required params also depend on the options set in the configuration for this feature.
\n","urlObject":{"path":["login"],"host":["http://127.0.0.1:3000"],"query":[],"variable":[]}},"response":[{"id":"caf9710a-036f-4ee9-840f-96974fe54505","name":"successfully / 200","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"login\": \"testuser2@example.com\",\n \"password\": \"password\"\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:3000/login"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Authorization","value":"eyJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50X2lkIjoxMiwiYXV0aGVudGljYXRlZF9ieSI6WyJwYXNzd29yZCJdfQ.zZMbyc2L8QPMA_JQFtFeRyIftccYj8kuxwf3wKYnk2Q"},{"key":"Content-Type","value":"application/json"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-XSS-Protection","value":"0"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"Referrer-Policy","value":"strict-origin-when-cross-origin"},{"key":"ETag","value":"W/\"84e99047b21140845d7a43b2fa3a1c86\""},{"key":"Cache-Control","value":"max-age=0, private, must-revalidate"},{"key":"X-Request-Id","value":"79f6105e-5d6a-4355-9555-56f387c81e03"},{"key":"X-Runtime","value":"0.304664"},{"key":"Server-Timing","value":"start_processing.action_controller;dur=0.16, sql.active_record;dur=16.65, process_action.action_controller;dur=286.64"},{"key":"Content-Length","value":"37"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": \"You have been logged in\"\n}"}],"_postman_id":"3febd9a6-27b9-4526-be19-c228e75d9b6d"},{"name":"verify-account-resend","id":"3d82c4bb-05c8-4b1c-a50b-baabd047198f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"login\": \"testuser1@example.com\"\n}"},"url":"http://127.0.0.1:3000/verify-account-resend","description":"If for some reason, the user didn't get the initial verification email, use this endpoint to send them another one. Note that there's a 5-minute delay between resend requests by default. You can change this by passing a new integer value (in seconds) to verify_account_skip_resend_email_within in the auth class config.
This lets you change the user email address. Depending on the configuration, It could require sending a confirmation mail to the current email address. The login param refers to the new email address (login).
After requesting to change their email (login), the user will receive a confirmation email with a key in the link. This is the where to send the key.
\n","urlObject":{"path":["verify-login-change"],"host":["http://127.0.0.1:3000"],"query":[],"variable":[]}},"response":[{"id":"01fd064f-65ff-4c5f-b1b2-b3e7cc362b80","name":"successfully / 200","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"key\": \"12_FLFWdAfUE56mXje7qx5u8JsderGoqyfDaCtnahheePk\"\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:3000/verify-login-change"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Authorization","value":"eyJhbGciOiJIUzI1NiJ9.e30.XLltXnMy6sNI6S5Wm5tjPvfiX-BZtC_xbQH_U0R8MrQ"},{"key":"Content-Type","value":"application/json"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-XSS-Protection","value":"0"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"Referrer-Policy","value":"strict-origin-when-cross-origin"},{"key":"ETag","value":"W/\"e18bc521880599402ebcb81691783dc2\""},{"key":"Cache-Control","value":"max-age=0, private, must-revalidate"},{"key":"X-Request-Id","value":"ab7b986f-146d-46b8-bc86-40047f250049"},{"key":"X-Runtime","value":"0.054096"},{"key":"Server-Timing","value":"start_processing.action_controller;dur=0.58, sql.active_record;dur=11.47, process_action.action_controller;dur=36.36"},{"key":"Content-Length","value":"49"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": \"Your login change has been verified\"\n}"}],"_postman_id":"283a5cfc-dfdd-455c-a9f1-fe83ff2f60fd"},{"name":"change-password","id":"2bc9029c-0e75-4d18-8e86-30937e60801f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer eyJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50X2lkIjoxMiwiYXV0aGVudGljYXRlZF9ieSI6WyJhdXRvbG9naW4iXSwiYXV0b2xvZ2luX3R5cGUiOiJ2ZXJpZnlfYWNjb3VudCJ9.GvAoDn6bvTxyG0GKppOFvecMVdJxbpZb1YC1KjegbY0"}],"body":{"mode":"raw","raw":"{\n \"password\": \"password\",\n \"new-password\": \"passwordnew\",\n \"password-confirm\": \"passwordnew\"\n}"},"url":"http://127.0.0.1:3000/change-password","description":"This is how you change users' passwords, and the password param represents current password.
The reset password form should submit to this endpoint with the key from the email link.
\n","urlObject":{"path":["reset-password"],"host":["http://127.0.0.1:3000"],"query":[],"variable":[]}},"response":[{"id":"c5a16273-2b74-4028-bdab-e83b281ba7dc","name":"successfully / 200","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n \"key\": \"12_QMgg7l5aSTU1di4T2UVu_NMtn3Td_-U1sQzp4uZ96iM\",\n \"password\": \"password\",\n \"password-confirm\": \"password\"\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:3000/reset-password"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Authorization","value":"eyJhbGciOiJIUzI1NiJ9.e30.XLltXnMy6sNI6S5Wm5tjPvfiX-BZtC_xbQH_U0R8MrQ"},{"key":"Content-Type","value":"application/json"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-XSS-Protection","value":"0"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"Referrer-Policy","value":"strict-origin-when-cross-origin"},{"key":"ETag","value":"W/\"c6e5fa066541f7706a52c531e85c7218\""},{"key":"Cache-Control","value":"max-age=0, private, must-revalidate"},{"key":"X-Request-Id","value":"f4441ba9-3f6e-46f1-9f13-65a31337f99d"},{"key":"X-Runtime","value":"0.542773"},{"key":"Server-Timing","value":"start_processing.action_controller;dur=0.28, sql.active_record;dur=22.50, process_action.action_controller;dur=530.23"},{"key":"Content-Length","value":"42"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": \"Your password has been reset\"\n}"}],"_postman_id":"fb9fd975-fae1-4cb0-8451-e0ae0fc114b7"},{"name":"logout","id":"1b51c2ea-777e-4b91-9c6e-5436144a21d4","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json","type":"text"}],"url":"http://127.0.0.1:3000/logout","description":"By itself, this endpoint clears out the session. But for API apps, you'll want to enable the :active_sessions feature as it provides a strategy to revoke JWT on logout.
This lets users close their accounts.
\nNote that there's currently no endpoint for reopening a closed account.
\n","urlObject":{"path":["close-account"],"host":["http://127.0.0.1:3000"],"query":[],"variable":[]}},"response":[{"id":"41b96fe0-23ec-4db1-b969-400761cb72d5","name":"successfully / 200","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer eyJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50X2lkIjozLCJhdXRoZW50aWNhdGVkX2J5IjpbInBhc3N3b3JkIl19.Rnm9uaBSgvhZzulKii0iepwvdHyexQIPSPTsTnIXqwk"}],"body":{"mode":"raw","raw":"{\n \"password\": \"password\"\n}","options":{"raw":{"language":"json"}}},"url":"http://127.0.0.1:3000/close-account"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Authorization","value":"eyJhbGciOiJIUzI1NiJ9.e30.XLltXnMy6sNI6S5Wm5tjPvfiX-BZtC_xbQH_U0R8MrQ"},{"key":"Content-Type","value":"application/json"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"X-XSS-Protection","value":"0"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-Download-Options","value":"noopen"},{"key":"X-Permitted-Cross-Domain-Policies","value":"none"},{"key":"Referrer-Policy","value":"strict-origin-when-cross-origin"},{"key":"ETag","value":"W/\"339221a1642f0e9504bc067e02ad166e\""},{"key":"Cache-Control","value":"max-age=0, private, must-revalidate"},{"key":"X-Request-Id","value":"9948e4bf-744f-4111-8417-0b96da288e1b"},{"key":"X-Runtime","value":"0.398724"},{"key":"Server-Timing","value":"start_processing.action_controller;dur=1.29, sql.active_record;dur=65.24, process_action.action_controller;dur=384.68"},{"key":"Content-Length","value":"42"}],"cookie":[],"responseTime":null,"body":"{\n \"success\": \"Your account has been closed\"\n}"}],"_postman_id":"01a72f35-b451-4868-b8bd-96d91fe0da06"}],"variable":[{"key":"baseURL1","value":"http://127.0.0.1:3000","type":"any"}]}