API reference · Auth
GET /api/auth/{nextauth}
Product availability: AlgaPSA

Handle NextAuth GET action

Catch-all Auth.js/NextAuth GET endpoint. The nextauth path segment selects the action: csrf returns a CSRF token and sets the CSRF cookie, providers returns configured provider metadata, session returns the current session or {}, signin/signout/error/verify-request render or redirect to configured pages, and callback/{provider} handles OAuth provider redirects. This route is the authentication surface itself and does not require API-key authentication.

Path parameters

nextauth string Required
NextAuth catch-all action path. Common values include csrf, providers, signin, signout, session, error, verify-request, webauthn-options, callback/credentials, callback/google, callback/azure-ad, and callback/keycloak.

Query parameters

callbackUrl string Optional
Optional URL to redirect to after sign-in or sign-out flows.
error string Optional
Optional NextAuth/OAuth error code shown by sign-in or error pages.
code string Optional
OAuth authorization code for provider callback sub-routes.
state string Optional
OAuth state value for provider callback sub-routes.
error_description string Optional
Human-readable provider error description for OAuth callback sub-routes.

Response body

Success response 200 · schema NextAuthGetResponse

anyOf (option 1) object
session_id string <uuid>
Current session UUID from the sessions table, created at sign-in.
login_method string
Authentication method used for this session, such as credentials, google, or azure-ad.
user object Required
id string Required
User identifier from the users.user_id record.
email string <email> Required
User's email address.
name string Required
User's display name, usually first_name plus last_name.
username string Required
User's login username.
image string
Avatar or profile image URL.
proToken string
Legacy Pro token value when present.
tenant string
Tenant UUID from the user session JWT.
tenantSlug string
URL-safe tenant slug for portal routing.
user_type string
User classification from users.user_type.
Enum: client, internal
clientId string <uuid>
Client UUID from contacts.client_id for client-portal users.
contactId string <uuid>
Contact UUID from users.contact_id for client-portal users.
plan string
Current tenant billing plan key.
addons array of string
Enabled tenant add-on keys.
items string
trial_end string Nullable
Trial expiry timestamp when present.
subscription_status string Nullable
Billing subscription status copied into the session token.
Enum: active, trialing, past_due, unpaid
solo_pro_trial_end string Nullable
Solo Pro trial expiry timestamp when present.
premium_trial_end string Nullable
Premium trial expiry timestamp when present.
premium_trial_confirmed boolean
Whether the user confirmed the Premium trial.
premium_trial_effective_date string Nullable
Premium trial effective date when present.
anyOf (option 2) object
Empty object returned when no authenticated session is present.
anyOf (option 3) object
csrfToken string Required
Opaque double-submit CSRF token required for mutating NextAuth POST actions.
anyOf (option 4) object
Map of configured providers keyed by provider ID.
anyOf (option 5) string
HTML popup callback page. The page posts a JSON oauth-callback message to window.opener or window.parent via postMessage, then attempts to close itself.
anyOf (option 6) object
Empty object returned when no authenticated session is present.

Response codes

200
Successful JSON or HTML response for the selected NextAuth action. Examples include { csrfToken }, provider maps, session objects, {}, or built-in HTML pages.
302
Redirect to the configured sign-in, sign-out, callback, or error destination.
404
No content when a built-in action is unavailable or disabled.
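
Because the session action returns {} rather than null when nobody is signed in, a client that only tests the body for truthiness will treat the unauthenticated case as a session. The following is an added example, not AlgaPSA or Auth.js code: parseSessionBody and the sample bodies are hypothetical, and it assumes the fields listed after user in the schema above are properties of user.

```javascript
// Added example (not AlgaPSA code): strict handling of the `session` action body.
// Assumption: fields listed after `user` in the schema are properties of `user`.
const USER_TYPES = new Set(["client", "internal"]);
const SUBSCRIPTION_STATUSES = new Set(["active", "trialing", "past_due", "unpaid"]);
const REQUIRED_USER_FIELDS = ["id", "email", "name", "username"];

function isPlainObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

// Returns { authenticated: true, user } or { authenticated: false, reason }.
function parseSessionBody(body) {
  if (!isPlainObject(body)) return { authenticated: false, reason: "not-an-object" };
  // `{}` is truthy in JavaScript, so `if (session)` would accept the no-session case.
  if (Object.keys(body).length === 0) return { authenticated: false, reason: "no-session" };
  const user = body.user;
  // Other 200 bodies ({ csrfToken }, provider maps) have no `user` object.
  if (!isPlainObject(user)) return { authenticated: false, reason: "missing-user" };
  for (const field of REQUIRED_USER_FIELDS) {
    if (typeof user[field] !== "string" || user[field].length === 0) {
      return { authenticated: false, reason: `missing-user.${field}` };
    }
  }
  // Optional enum fields: absent is fine, an unlisted value fails closed.
  if (user.user_type !== undefined && !USER_TYPES.has(user.user_type)) {
    return { authenticated: false, reason: "unknown-user_type" };
  }
  const status = user.subscription_status;
  if (status !== undefined && status !== null && !SUBSCRIPTION_STATUSES.has(status)) {
    return { authenticated: false, reason: "unknown-subscription_status" };
  }
  return { authenticated: true, user };
}

// Constructed sample bodies (not captured from a real deployment).
const SAMPLE_SESSION = {
  login_method: "credentials",
  user: { id: "u-1", email: "tech@example.com", name: "Sam Tech",
          username: "stech", user_type: "internal", subscription_status: "trialing" },
};
const SAMPLE_CSRF = { csrfToken: "constructed-token" };

console.log(parseSessionBody({}));
console.log(parseSessionBody(SAMPLE_CSRF));
console.log(parseSessionBody(SAMPLE_SESSION).authenticated);
```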