Zesty Auth API

The Zesty.io Auth API is used to authenticate users with the platform. It returns a session token that grants access to the Instances API, Accounts API, and Media API. User authentication is done by providing an email and password combination, which issues a short-lived 30-minute session token. The API also supports Microsoft SSO, Okta SSO, and Azure SSO.

OpenAPI Specification

zesty-auth-api-openapi.yml
openapi: 3.1.0
info:
  title: Zesty Auth API
  description: >-
    The Zesty.io Auth API is used to authenticate users with the Zesty.io
    platform. It returns a session token that grants access to the Instances
    API, Accounts API, and Media API. Auth is a standalone service designed
    to connect to many services in the Zesty.io infrastructure. User
    authentication is done by providing a user account email and password
    combination, which issues a short-lived 30-minute session token that is
    extended whenever an authenticated action is taken.
  version: 1.0.0
  contact:
    name: Zesty.io
    url: https://www.zesty.io/
  license:
    name: Proprietary
    url: https://www.zesty.io/
externalDocs:
  description: Zesty Auth API Documentation
  url: https://docs.zesty.io/docs/auth-api
servers:
  - url: https://auth.api.zesty.io
    description: Zesty Auth API Production Server
paths:
  /login:
    post:
      operationId: login
      summary: Zesty Authenticate a user
      description: >-
        Authenticates a user by providing an email and password combination.
        Returns a session token upon successful authentication. The session
        token is a short-lived 30-minute token that is extended whenever an
        authenticated action is taken.
      tags:
        - Authentication
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - email
                - password
              properties:
                email:
                  type: string
                  format: email
                  description: The user's email address.
                password:
                  type: string
                  format: password
                  description: The user's password.
      responses:
        '200':
          description: Successfully authenticated. Returns a session token.
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: integer
                  message:
                    type: string
                  data:
                    type: string
                    description: The session token.
        '401':
          description: Invalid credentials.
  /logout:
    delete:
      operationId: logout
      summary: Zesty End a user session
      description: >-
        Logs out the current user session and invalidates the session token.
      tags:
        - Authentication
      security:
        - sessionToken: []
      responses:
        '200':
          description: Successfully logged out.
        '401':
          description: Unauthorized. Invalid or expired session token.
  /verify:
    get:
      operationId: verifyToken
      summary: Zesty Verify a session token
      description: >-
        Verifies whether the provided session token is still valid and
        returns user information associated with the token.
      tags:
        - Authentication
      security:
        - sessionToken: []
      responses:
        '200':
          description: Token is valid.
          content:
            application/json:
              schema:
                type: object
                properties:
                  code:
                    type: integer
                  message:
                    type: string
                  data:
                    type: object
                    properties:
                      ZUID:
                        type: string
                        description: The user's Zesty Universal Identifier.
                      email:
                        type: string
                        format: email
                      firstName:
                        type: string
                      lastName:
                        type: string
        '401':
          description: Invalid or expired token.
  /password/request:
    post:
      operationId: requestPasswordReset
      summary: Zesty Request a password reset
      description: >-
        Sends a password reset email to the specified email address if an
        account with that email exists.
      tags:
        - Password
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - email
              properties:
                email:
                  type: string
                  format: email
                  description: The email address associated with the account.
      responses:
        '200':
          description: Password reset email sent if the account exists.
        '400':
          description: Invalid request.
  /password/reset:
    post:
      operationId: resetPassword
      summary: Zesty Reset a user password
      description: >-
        Resets the user's password using the reset token received via email.
      tags:
        - Password
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - token
                - password
              properties:
                token:
                  type: string
                  description: The password reset token from the email.
                password:
                  type: string
                  format: password
                  description: The new password.
      responses:
        '200':
          description: Password successfully reset.
        '400':
          description: Invalid or expired token.
components:
  securitySchemes:
    sessionToken:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        A session token obtained from the login endpoint. Short-lived
        30-minute token extended on each authenticated action.
tags:
  - name: Authentication
    description: User authentication and session management.
  - name: Password
    description: Password management operations.
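The following is an added example, not Zesty's own code: a small client for the `/login`, `/verify` and `/logout` operations in the spec above, with the HTTP transport injected so the same client can be exercised offline against a constructed stand-in server that answers the way the spec describes. It assumes the `apiKey` scheme means the raw session token is sent as the `Authorization` header value; the `fake_auth_server` function, its credentials and its token value are all constructed for the example.

```python
# Added example (not Zesty's code). send(method, path, headers, json_body) -> (status, parsed_json).
class AuthClient:
    def __init__(self, send):
        self.send, self.token = send, None  # token kept in memory only; never log it

    def _auth(self):
        if self.token is None:
            raise RuntimeError("not logged in")
        return {"Authorization": self.token}  # apiKey scheme: raw token in Authorization

    def login(self, email, password):
        status, body = self.send("POST", "/login", {}, {"email": email, "password": password})
        if status != 200:          # 401 = invalid credentials; the API does not say which field
            return False
        self.token = body["data"]  # the session token is the `data` string of the 200 body
        return True

    def verify(self):
        status, body = self.send("GET", "/verify", self._auth(), None)
        if status == 401:          # expired or revoked: forget it so callers re-authenticate
            self.token = None
            return None
        return body["data"]        # ZUID, email, firstName, lastName

    def logout(self):
        status, _ = self.send("DELETE", "/logout", self._auth(), None)
        self.token = None          # drop the token locally even if the server call failed
        return status == 200


def fake_auth_server(email="user@example.com", password="constructed-pw", token="sess-constructed"):
    """Constructed offline stand-in that answers the way the spec describes (not a real server)."""
    live = set()  # tokens issued by /login and not yet invalidated by /logout

    def send(method, path, headers, body):
        if (method, path) == ("POST", "/login"):
            if body != {"email": email, "password": password}:
                return 401, {}
            live.add(token)
            return 200, {"code": 200, "message": "OK", "data": token}
        if headers.get("Authorization") not in live:
            return 401, {}         # missing, wrong, or already-logged-out token
        if (method, path) == ("DELETE", "/logout"):
            live.discard(headers["Authorization"])
            return 200, {"code": 200, "message": "OK"}
        return 200, {"code": 200, "message": "OK", "data": {
            "ZUID": "5-constructed", "email": email, "firstName": "Ada", "lastName": "Lovelace"}}
    return send
```

Against the production server, `send` would be a function of the same signature that performs an HTTPS JSON request to `https://auth.api.zesty.io` and returns the status code and decoded body.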