POST /api/auth/{nextauth}
Product availability: AlgaPSA

Handle NextAuth POST action

Catch-all Auth.js/NextAuth POST endpoint. The nextauth path segment selects the action: callback/credentials authenticates email and password credentials, callback/{provider} handles OAuth callback form posts, signout clears the current session, session returns or updates session data, and csrf returns a CSRF token. Mutating actions require the csrfToken body field matching the Auth.js CSRF cookie. Credential success sets the encrypted Auth.js session cookie and redirects; failures typically redirect to /auth/signin with an error code.

Path parameters

nextauth (string, required)
  NextAuth catch-all action path. Common values include csrf, providers, signin, signout, session, error, verify-request, webauthn-options, callback/credentials, callback/google, callback/azure-ad, and callback/keycloak.

Request body

Content type: application/json. Schema: NextAuthPostBody

email (string <email>)
  Credentials-provider email address for callback/credentials.
password (string)
  Credentials-provider plaintext password for callback/credentials.
twoFactorCode (string)
  TOTP code required when two-factor authentication is enabled and the device is not trusted.
userType (string)
  Optional user type used to scope the credentials-provider lookup.
  Enum: client, internal
tenant (string)
  Optional tenant slug used to resolve the tenant for credentials-provider login.
csrfToken (string)
  CSRF token from GET /api/auth/csrf. Required for sign-in, sign-out, and other mutating NextAuth actions.
callbackUrl (string)
  Post-authentication redirect URL.
redirect (string)
  NextAuth redirect mode flag.
json (string)
  NextAuth JSON response mode flag.
code (string)
  OAuth authorization code for provider callback actions.
state (string)
  OAuth state value for provider callback actions.
error (string)
  Provider OAuth error code for callback actions.
error_description (string)
  Provider OAuth error description for callback actions.

Response body

Success response 200

anyOf, option 1: object
session_id (string <uuid>)
  Current session UUID from the sessions table, created at sign-in.
login_method (string)
  Authentication method used for this session, such as credentials, google, or azure-ad.
user (object, required)
id (string, required)
  User identifier from the users.user_id record.
email (string <email>, required)
  User's email address.
name (string, required)
  User's display name, usually first_name plus last_name.
username (string, required)
  User's login username.
image (string)
  Avatar or profile image URL.
proToken (string)
  Legacy Pro token value when present.
tenant (string)
  Tenant UUID from the user session JWT.
tenantSlug (string)
  URL-safe tenant slug for portal routing.
user_type (string)
  User classification from users.user_type.
  Enum: client, internal
clientId (string <uuid>)
  Client UUID from contacts.client_id for client-portal users.
contactId (string <uuid>)
  Contact UUID from users.contact_id for client-portal users.
plan (string)
  Current tenant billing plan key.
addons (array of string)
  Enabled tenant add-on keys.
items (string)
trial_end (string, nullable)
  Trial expiry timestamp when present.
subscription_status (string, nullable)
  Billing subscription status copied into the session token.
  Enum: active, trialing, past_due, unpaid
solo_pro_trial_end (string, nullable)
  Solo Pro trial expiry timestamp when present.
premium_trial_end (string, nullable)
  Premium trial expiry timestamp when present.
premium_trial_confirmed (boolean)
  Whether the user confirmed the Premium trial.
premium_trial_effective_date (string, nullable)
  Premium trial effective date when present.
anyOf, option 2: object
  Empty object returned when no authenticated session is present.
anyOf, option 3: object
csrfToken (string, required)
  Opaque double-submit CSRF token required for mutating NextAuth POST actions.
anyOf, option 4: object
  Empty object returned when no authenticated session is present.

Response codes

200
  JSON response for session or csrf POST actions.
302
  Redirect after sign-in, OAuth callback, sign-out, or error handling. Session cookies may be set or cleared.