Authentication
zMesh provides built-in authentication for platform access and project-level user management.
Platform Auth
These endpoints manage your zMesh account — signup, login, MFA, sessions.
Sign Up
POST /auth/signup
{
"email": "you@example.com",
"password": "SecureP@ss123",
"full_name": "Your Name"
}Login
POST /auth/login
{
"email": "you@example.com",
"password": "SecureP@ss123"
}
// Response
{
"access_token": "eyJhbGci...",
"refresh_token": "dGhpcyBp...",
"token_type": "bearer",
"expires_in": 604800
}OTP (Phone Auth)
POST /auth/otp/send
{ "phone": "+91XXXXXXXXXX", "channel": "sms" }POST /auth/otp/verify
{ "phone": "+91XXXXXXXXXX", "otp": "123456" }Refresh Token
POST /auth/refresh
{ "refresh_token": "dGhpcyBp..." }Get Current User
GET /auth/me
Authorization: Bearer <access_token>Logout
POST /auth/logout
Authorization: Bearer <access_token>
{ "refresh_token": "dGhpcyBp..." }Token Format
zMesh uses JWTs with the following defaults:
- Access Token — 7 days expiry
- Refresh Token — 90 days expiry
- Algorithm — HS256
For authenticating end-users of your apps, see User Auth (Project).