Login | Movie Knight Server

What: Verify credentials by email OR username and return a JWT plus the safe user.

Auth: None.

Body (JSON):

Field	Type	Required	Description	Example
emailOrUsername	string	yes	Email (case-insensitive) or username (case-sensitive).	`moviefan@example.com`
password	string	yes	Plaintext password to compare against the stored hash.	`secret123`

Returns: data = { token, user }. A bad identifier and a bad password both return the same 401 (no leak of which was wrong).

**What:** Verify credentials by email OR username and return a JWT plus the safe user. **Auth:** None. **Body (JSON):** | Field | Type | Required | Description | Example | |---|---|---|---|---| | emailOrUsername | string | yes | Email (case-insensitive) or username (case-sensitive). | `moviefan@example.com` | | password | string | yes | Plaintext password to compare against the stored hash. | `secret123` | **Returns:** `data = { token, user }`. A bad identifier and a bad password both return the same `401` (no leak of which was wrong).

$	curl -X POST https://{{baseurl}}/api/auth/login \
>	-H "Authorization: Bearer <token>" \
>	-H "Content-Type: application/json" \
>	-d '{
>	"password": "secret123",
>	"emailOrUsername": "moviefan@example.com"
>	}'

1	{
2	"ok": true,
3	"data": {
4	"user": {
5	"id": "66a1f2c4e5b3a1234567890a",
6	"bio": "",
7	"name": "Movie Fan",
8	"email": "moviefan@example.com",
9	"badges": [],
10	"aiUsage": {
11	"used": 0,
12	"limit": 5,
13	"remaining": 5
14	},
15	"username": "moviefan",
16	"createdAt": "2026-06-25T10:30:00.000Z",
17	"dateOfBirth": "1999-05-20T00:00:00.000Z"
18	},
19	"token": "{{supabase_service_role_api_key_19n1}}"
20	}
21	}

Authentication

Request

Response

Errors