Skip to content

Get Auth0 authorization URL​

POST
/api/v2/auth/login

Returns the Auth0 authorization URL for both TS and non-TS users. Only available when SITE_AUTH_METHOD=auth0 (returns 403 with error=ticketsocket_user_restricted otherwise).

Authorizations​

bearerAuth
Type
HTTP (bearer)

Request Body​

application/json
JSON
{
  
"redirect_uri": "https://admin.ticketsocket.com/dashboard"
}

Responses​

Auth0 authorization URL

application/json
JSON
{
  
"count": 1,
  
"data": {
  
  
"auth_url": "string"
  
}
}

Playground​

Authorization
Body

Samples​


Deprecated

Get Auth0 authorization URL for TicketSocket users​

POST
/api/v2/auth/ticketsocket/login

Deprecated. Use POST /auth/login instead. Returns the Auth0 authorization URL with a ticketsocket login channel flag in the state parameter. After Auth0 authentication, the callback will reject non-TicketSocket users (ticketSocketUser != 1), revoke their tokens, and redirect through Auth0 logout to clear the SSO session.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Request Body​

application/json
JSON
{
  
"redirect_uri": "https://admin.ticketsocket.com/dashboard"
}

Responses​

Auth0 authorization URL with ticketsocket login channel

application/json
JSON
{
  
"count": 1,
  
"data": {
  
  
"auth_url": "string"
  
}
}

Playground​

Authorization
Body

Samples​


Auth0 callback handler​

GET
/api/v2/auth/callback

Handles the Auth0 callback, exchanges code for tokens, validates user in system_administrators, sets JWT cookie, and redirects. The deprecated ticketsocket login channel rejects non-TicketSocket users (?error_code=not_ticketsocket_user).

Authorizations​

bearerAuth
Type
HTTP (bearer)

Parameters​

Query Parameters

code*

Authorization code from Auth0

Type
string
Required
state

State parameter containing redirect URI

Type
string

Responses​

Redirect to Admin2 UI after successful authentication

Playground​

Authorization
Variables
Key
Value

Samples​


Get current user profile​

GET
/api/v2/auth/me

Returns the current authenticated user profile and permissions from JWT cookie or Authorization header

Authorizations​

bearerAuth
Type
HTTP (bearer)

Responses​

User profile and permissions

application/json
JSON
{
  
"count": 1,
  
"data": "string"
}

Playground​

Authorization

Samples​


Deprecated

Get current user profile (deprecation test)​

GET
/api/v2/auth/me2

Identical to GET /auth/me. This endpoint exists to test the API deprecation flow in the frontend package.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Responses​

User profile and permissions

application/json
JSON
{
  
"count": 1,
  
"data": "string"
}

Playground​

Authorization

Samples​


Logout current user​

POST
/api/v2/auth/logout

Clears the authentication cookie and returns the Auth0 logout URL. The client should redirect the browser to logout_url to clear the Auth0 SSO session.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Parameters​

Query Parameters

return_to

URL to redirect to after Auth0 logout completes

Type
string

Responses​

Logout successful. Auth cookie cleared. Client should redirect to logout_url.

application/json
JSON
{
  
"count": 1,
  
"data": {
  
  
"success": true,
  
  
"logout_url": "string"
  
}
}

Playground​

Authorization
Variables
Key
Value

Samples​


Refresh authentication token​

POST
/api/v2/auth/refresh

Refreshes the JWT token if still valid

Authorizations​

bearerAuth
Type
HTTP (bearer)

Responses​

Token refreshed successfully

application/json
JSON
{
  
"count": 1,
  
"data": {
  
  
"refreshed": true
  
}
}

Playground​

Authorization

Samples​


Legacy login (bypasses Auth0)​

POST
/api/v2/auth/legacy/login

Authenticates user directly against the database using login and password, bypassing Auth0. Only available when SITE_AUTH_METHOD=legacy (returns 403 otherwise). Returns JWT token on success. TicketSocket users (ticketSocketUser=1) are rejected and must use the TicketSocket login channel instead.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Request Body​

application/json
JSON
{
  
"login": "admin@example.com",
  
"password": "password123"
}

Responses​

Login successful

application/json
JSON
{
  
"count": 1,
  
"data": {
  
  
"success": true,
  
  
"jwt": "string",
  
  
"user": {
  
  
}
  
}
}

Playground​

Authorization
Body

Samples​


Legacy logout (bypasses Auth0)​

POST
/api/v2/auth/legacy/logout

Clears the authentication cookie without redirecting to Auth0 logout URL. Returns JSON response instead of redirect.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Responses​

Logout successful

application/json
JSON
{
  
"count": 1,
  
"data": {
  
  
"success": true,
  
  
"message": "Logged out successfully"
  
}
}

Playground​

Authorization

Samples​


Request password change via Auth0​

POST
/api/v2/auth/change-password

Triggers a password reset email via Auth0. Only for users authenticated via Auth0.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Responses​

Password reset email sent

application/json
JSON
{
  
"success": true,
  
"message": "Password reset email has been sent. Please check your inbox."
}

Playground​

Authorization

Samples​


Change password for legacy authenticated users​

POST
/api/v2/auth/legacy/change-password

Changes password by verifying old password and setting new password. Only for users authenticated via legacy login.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Request Body​

application/json
JSON
{
  
"oldPassword": "currentPassword123",
  
"newPassword": "newPassword456"
}

Responses​

Password changed successfully

application/json
JSON
{
  
"success": true,
  
"message": "Password changed successfully"
}

Playground​

Authorization
Body

Samples​


Request password reset email for legacy users​

POST
/api/v2/auth/legacy/forgot-password

Generates a password reset token, stores it in the database, and sends a reset email to the user. Rate limited to 3 attempts per 24 hours. Response is intentionally vague to prevent email enumeration.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Request Body​

application/json
JSON
{
  
"email": "admin@example.com"
}

Responses​

Reset email sent (or account not found - same response to prevent enumeration)

application/json
JSON
{
  
"data": {
  
  
"success": true,
  
  
"message": "If an account with that email exists, a password reset link has been sent."
  
}
}

Playground​

Authorization
Body

Samples​


Reset password using token from email​

POST
/api/v2/auth/legacy/reset-password

Validates the reset token and sets a new password. Token must be valid, not expired (24h), and not previously used. The token is tied to the specific administrator who requested the reset.

Authorizations​

bearerAuth
Type
HTTP (bearer)

Request Body​

application/json
JSON
{
  
"token": "a1b2c3d4e5f6...",
  
"newPassword": "newSecurePassword123"
}

Responses​

Password reset successfully

application/json
JSON
{
  
"data": {
  
  
"success": true,
  
  
"message": "Password has been reset successfully. You can now log in with your new password."
  
}
}

Playground​

Authorization
Body

Samples​


Powered by VitePress OpenAPI