interview

home / developersection / interviews / what does a typical login api endpoint look like?

Ask Question

What does a typical login API endpoint look like?

ICSM Computer 137 11-Jun-2025
c# c# 
Updated on 11-Jun-2025
ICSM Computer

IT-Hardware & Networking

Ravi Vishwakarma is a dedicated Software Developer with a passion for crafting efficient and innovative solutions. With a keen eye for detail and years of experience, he excels in developing robust software systems that meet client needs. His expertise spans across multiple programming languages and technologies, making him a valuable asset in any software development project.

Message
Can you answer this question?
Answer

1 Answers

ICSM Computer

ICSM Computer

11-Jun-2025

A typical login API endpoint accepts user credentials (usually email/username and password), verifies them, and returns an authentication token (like a JWT) or a session cookie.

Common Structure of a Login API (RESTful)

Endpoint

POST /api/auth/login

Sample Request (JSON)

{
  "email": "user@example.com",
  "password": "P@ssw0rd!"
}

Sample Response (Token-based auth)

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expiresIn": 3600,
  "user": {
    "id": "123",
    "name": "John Doe",
    "email": "user@example.com"
  }
}

.NET (Framework or Core) – Example Controller Code (Token-Based)

[HttpPost]
[Route("api/auth/login")]
public async Task<IHttpActionResult> Login(LoginRequest model)
{
    if (!ModelState.IsValid)
        return BadRequest(ModelState);

    var user = await _userService.FindByEmailAsync(model.Email);
    if (user == null || !await _userService.CheckPasswordAsync(user, model.Password))
        return Unauthorized();

    var token = _tokenService.GenerateJwtToken(user);

    return Ok(new
    {
        token,
        expiresIn = 3600,
        user = new { user.Id, user.Name, user.Email }
    });
}

Request DTO

public class LoginRequest
{
    [Required]
    public string Email { get; set; }

    [Required]
    public string Password { get; set; }
}

Token Generation Example (JWT in .NET)

public string GenerateJwtToken(ApplicationUser user)
{
    var claims = new[]
    {
        new Claim(ClaimTypes.NameIdentifier, user.Id),
        new Claim(ClaimTypes.Email, user.Email)
    };

    var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("super-secret-key"));
    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

    var token = new JwtSecurityToken(
        issuer: "yourapp.com",
        audience: "yourapp.com",
        claims: claims,
        expires: DateTime.Now.AddHours(1),
        signingCredentials: creds);

    return new JwtSecurityTokenHandler().WriteToken(token);
}

Best Practices

Practice Why
Rate limiting Prevent brute-force
Secure password storage Use PBKDF2, bcrypt, or Argon2
Return minimal data Avoid leaking user info
HTTPS only Always secure credentials
CSRF protection (for cookies) Important if using cookie-based auth
advertising
advertising

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy