Authentication Protocol
BudgetWise implements session-based authentication to manage secure user sessions and protect sensitive financial data.
Authentication Workflow
- Identity Verification: Clients send a `POST` request to `/api/auth/login/` with valid credentials.
- Session Establishment: Upon verification, the server issues a unique session identifier (`sessionid`) in a secure cookie.
- Authorized Access: Subsequent requests must include this session identifier to access protected resources.
Integration Requirements
For frontend applications, the network client must be configured with `credentials: "include"`. Without this setting the browser neither stores the session cookie from the login response nor sends it on later requests, so every protected call would fail as unauthenticated.
API Endpoints
| Endpoint | Method | Functional Description |
|---|---|---|
| `/api/auth/login/` | POST | Authenticates user and initializes session |
| `/api/auth/logout/` | POST | Invalidates current session |
| `/api/auth/` | POST | User registration |
| `/api/auth/me/` | GET | Retrieves authenticated profile data |
Security Controls
The application enforces Cross-Site Request Forgery (CSRF) protection on state-changing operations. Because the browser attaches the session cookie automatically, the CSRF token is what distinguishes a request made by the application from one triggered by a third-party page. Developers must ensure the `X-CSRFToken` header is sent correctly in production environments.
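The following added example (not BudgetWise's own code) shows a small browser-side client that applies both requirements from this page: `credentials: "include"` on every request and the `X-CSRFToken` header on state-changing calls. The CSRF cookie name `csrftoken`, the JSON request and response shapes, and the injected `fetchImpl`/`readCookies` parameters are assumptions for illustration.

```javascript
// Added example: minimal client for the BudgetWise session endpoints.
// Assumptions: the CSRF token is readable from a "csrftoken" cookie and
// request/response bodies are JSON; neither is stated on the page.

// Methods that never change server state and therefore need no CSRF token.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Parse a document.cookie-style string ("a=1; b=2") and return one value.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const [key, ...rest] = part.trim().split("=");
    if (key === name) return decodeURIComponent(rest.join("="));
  }
  return null;
}

// Build fetch() options for one API call. Every request carries
// credentials: "include" so the browser sends the sessionid cookie;
// state-changing methods additionally carry the X-CSRFToken header.
function buildRequestInit(method, body, cookieString) {
  const headers = { Accept: "application/json" };
  const init = { method, credentials: "include", headers };
  if (!SAFE_METHODS.has(method)) {
    const token = getCookie(cookieString, "csrftoken");
    if (!token) throw new Error("CSRF cookie missing; load a page that sets it first");
    headers["X-CSRFToken"] = token;
  }
  if (body !== undefined) {
    headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  return init;
}

// Thin client over the four endpoints. fetchImpl and readCookies are
// injected so the same code runs in the browser (fetch, document.cookie)
// and under a test harness with fakes.
function makeClient(fetchImpl, readCookies) {
  const call = async (path, method, body) => {
    const res = await fetchImpl(path, buildRequestInit(method, body, readCookies()));
    if (res.status === 401) throw new Error("not authenticated");
    if (!res.ok) throw new Error(`${method} ${path} failed: ${res.status}`);
    return res.status === 204 ? null : res.json();
  };
  return {
    register: (user) => call("/api/auth/", "POST", user),
    login: (creds) => call("/api/auth/login/", "POST", creds),
    logout: () => call("/api/auth/logout/", "POST"),
    me: () => call("/api/auth/me/", "GET"),
  };
}
```

In a browser, create the client with `makeClient(fetch, () => document.cookie)`; a `GET` to `/api/auth/me/` then carries only the session cookie, while `login` and `logout` also carry the CSRF header.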