ScrapeNest supports both cookie-based JSON login (/login) and stateless bearer tokens (/token). All authenticated API calls expect a bearer token unless you specifically rely on cookies.

Register

POST /register

Payload:

{ "email": "you@example.com", "password": "min-8-chars" }

  • Validates email format and password length (>= 8).
  • Returns 202 Accepted with an empty body.
  • Duplicate emails return 409 Conflict (detail: "email_already_used").

Verify email

GET /verify?token=...

  • Token comes from the verification email.
  • Success: {"status":"ok"}.
  • Missing token: 400 {"error":"missing_token"}.
  • Invalid/expired token: 422 with detail: "invalid_or_expired_token".

Login (session)

POST /login

  • Body: same as register (email, password).
  • Success: {"status":"ok","user":{id,email,isVerified}}.
  • Failure: 401 with an error payload.
  • Login is throttled to 5 attempts per minute per client.

Issue bearer token

POST /token

curl -X POST https://api.scrapenest.com/token \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"secret"}'

Response:

{
  "access_token": "jwt...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "user": { "id": "uuid", "email": "you@example.com", "isVerified": true }
}

Use Authorization: Bearer <access_token> on subsequent calls. Token TTL is configured server-side (app.jwt_ttl).

Invalid credentials return 401 Unauthorized; validation issues return 422 with errors.

Current user

GET /me

  • Authenticated: {"authenticated":true,"user":{...,"createdAt":"..."}}.
  • Unauthenticated: 401 {"authenticated":false}.
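
Client-side handling of the bearer flow above, as an added example (not ScrapeNest's own code): it caches the /token result, renews it shortly before expiry, and drops it when /me answers 401. The names BearerSession and http_json, the 30-second renewal margin, reading expires_in as seconds, and accepting any 2xx from /token are assumptions.

```python
import json
import time
import urllib.error
import urllib.request

API = "https://api.scrapenest.com"  # base URL from the curl example on this page

def http_json(method, url, body=None, headers=None):
    """Default transport (hypothetical helper): returns (status, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # 401/422 responses still carry a body
        status, raw = err.code, err.read()
    try:
        return status, json.loads(raw) if raw else None
    except ValueError:  # non-JSON body, e.g. an error page from a proxy
        return status, None

class BearerSession:
    """Keeps one access token in memory and renews it before expires_in runs out."""
    def __init__(self, email, password, transport=http_json, clock=time.monotonic, skew=30):
        self._creds = {"email": email, "password": password}
        self._send, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            status, body = self._send("POST", API + "/token", self._creds)
            if status == 401:
                raise PermissionError("invalid credentials")
            if status == 422:
                raise ValueError("validation failed: %r" % (body,))
            if not 200 <= status < 300 or not body or body.get("token_type") != "Bearer":
                raise RuntimeError("unexpected /token response: %s" % status)  # 2xx is assumed
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])  # assumed to be seconds
        return self._token

    def me(self):
        headers = {"Authorization": "Bearer " + self.token()}
        status, body = self._send("GET", API + "/me", None, headers)
        if status == 401:  # token rejected: forget it so the next call re-authenticates
            self._token = None
        return status, body
```

The credentials and token stay in memory only; nothing in the class writes them to logs or disk.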