POST /api/v3/user/login
User login
curl --request POST \
  --url https://app.thareja.ai/api/v3/user/login \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "user@example.com",
  "password": "yourSecurePassword123"
}
'
{
  "error": "Incorrect email or password"
}

Overview

Authenticate a user with email and password. Returns user details, authentication token, and onboarding status flags. The token should be used for all subsequent API requests.

Request Body

email
string
required
User’s email address.
Format: Valid email address
Example: "user@example.com"
password
string
required
User’s password.
Example: "yourSecurePassword123"

Response

id
integer
User’s unique identifier.
name
string
User’s full name.
email
string
User’s email address.
profile_photo_url
string
URL to user’s profile picture.
current_team_id
integer
ID of the user’s current active team.
token
string
Authentication token for API requests. Use this in the Authorization: Bearer {token} header.
role
string
User’s role in the current team.
Possible values: "owner", "manager", "member", "client"
isAdmin
string
Whether the user has admin privileges in the team.
Possible values: "yes", "no"
contact_count
integer
Number of contacts the user has.
is_first_project_added
integer
Onboarding flag: whether the first project has been added.
Values: 0 (not added), 1 (added)
is_first_task_added
integer
Onboarding flag: whether the first task has been added.
Values: 0 (not added), 1 (added)
is_first_member_invited
integer
Onboarding flag: whether the first team member has been invited.
Values: 0 (not invited), 1 (invited)
timezone
string
User’s timezone setting.
two_factor_confirmed_at
string
Timestamp of two-factor authentication confirmation (if enabled).
created_at
string
Timestamp when the user account was created.
updated_at
string
Timestamp when the user account was last updated.

Example Request

curl --request POST \
  --url https://app.thareja.ai/api/v3/user/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "user@example.com",
    "password": "yourSecurePassword123"
  }'

Example Request (JavaScript)

fetch('https://app.thareja.ai/api/v3/user/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    email: "user@example.com",
    password: "yourSecurePassword123"
  })
})
.then(response => response.json().then(data => {
  // A failed login returns {"error": "..."}; do not treat it as a success
  if (!response.ok) throw new Error(data.error || response.statusText);
  return data;
}))
.then(data => {
  // Store the token for future requests
  localStorage.setItem('authToken', data.token);
  // Log the user, not the full payload, so the token never reaches the console or logs
  console.log('Logged in successfully:', data.name);
})
.catch(error => console.error('Login failed:', error));

Example Response

{
  "id": 1,
  "name": "John Doe",
  "email": "john.doe@example.com",
  "profile_photo_url": "https://s3.amazonaws.com/bucket/profiles/user-1.jpg",
  "current_team_id": 5,
  "token": "1|Ab3dEfGh1Jk2Lm3No4Pq5Rs6Tt7Uv8Wx9Yz0",
  "role": "owner",
  "isAdmin": "yes",
  "contact_count": 15,
  "is_first_project_added": 1,
  "is_first_task_added": 1,
  "is_first_member_invited": 1,
  "timezone": "America/New_York",
  "two_factor_confirmed_at": null,
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2025-11-28T10:30:00Z"
}

Example Response - New Team Owner

{
  "id": 2,
  "name": "Jane Smith",
  "email": "jane.smith@example.com",
  "profile_photo_url": "https://ui-avatars.com/api/?name=Jane+Smith",
  "current_team_id": 10,
  "token": "2|Xy9Zw8Vu7Tt6Ss5Rr4Qq3Pp2Oo1Nn0Mm9",
  "role": "owner",
  "isAdmin": "yes",
  "contact_count": 0,
  "is_first_project_added": 0,
  "is_first_task_added": 0,
  "is_first_member_invited": 0,
  "timezone": "UTC",
  "two_factor_confirmed_at": null,
  "created_at": "2025-11-28T09:00:00Z",
  "updated_at": "2025-11-28T10:30:00Z"
}

Error Responses

{
  "error": "Incorrect email or password"
}

Authentication Token Usage

After successful login, use the returned token in all subsequent API requests:

curl --request GET \
  --url https://app.thareja.ai/api/v3/user/profile \
  --header 'Authorization: Bearer 1|Ab3dEfGh1Jk2Lm3No4Pq5Rs6Tt7Uv8Wx9Yz0'

// Token stored by the login example above
const token = localStorage.getItem('authToken');

fetch('https://app.thareja.ai/api/v3/user/profile', {
  headers: {
    'Authorization': 'Bearer ' + token
  }
})
.then(response => response.json())
.then(data => console.log(data));

Onboarding Flags

The response includes three onboarding flags to help guide new users:

is_first_project_added

  • 0: No projects have been created yet (show project creation prompt)
  • 1: At least one project exists (skip project creation prompt)
  • Applies to: Owners and managers only

is_first_task_added

  • 0: No tasks have been created yet (show task creation prompt)
  • 1: At least one task exists (skip task creation prompt)
  • Applies to: Owners and managers only

is_first_member_invited

  • 0: Team only has the owner (show member invitation prompt)
  • 1: At least one additional member exists (skip invitation prompt)
  • Applies to: Owners only

User Roles

Role      Description        Permissions
owner     Team owner         Full access to all features and settings
manager   Team manager       Can manage projects, tasks, and team members
member    Regular member     Can work on assigned tasks and projects
client    External client    Limited access to assigned projects only

Role-Based Response Differences

Owner/Manager Response

Includes onboarding flags for projects and tasks:
{
  "role": "owner",
  "is_first_project_added": 0,
  "is_first_task_added": 0,
  "is_first_member_invited": 0
}

Member/Client Response

Onboarding flags default to 1 (completed):
{
  "role": "member",
  "is_first_project_added": 1,
  "is_first_task_added": 1,
  "is_first_member_invited": 1
}

Login Behavior

On Successful Login:

  1. Authentication: Validates email and password
  2. Login method reset: Clears any previous login method (OAuth, etc.)
  3. Token generation: Creates new authentication token
  4. Role detection: Retrieves user’s role in current team
  5. Admin status: Checks if user has admin privileges
  6. Contact count: Calculates number of user contacts
  7. Onboarding status: Determines which setup steps are complete
  8. Response: Returns complete user profile with token

Security Features:

  • Passwords are hashed and never returned
  • Tokens are unique per session
  • Failed login attempts can be rate-limited
  • Login method tracking for security audits
  • Team context: current_team_id determines which team’s data to display

Security Considerations

  • HTTPS only: Always use HTTPS for login requests
  • Token protection: Treat tokens like passwords; never expose them in URLs or logs
  • Token expiration: Implement token expiration and refresh mechanisms
  • Failed attempts: Monitor and limit failed login attempts
  • Password requirements: Enforce strong password policies during registration
  • Two-factor auth: Enable 2FA for enhanced security
  • Session management: Properly handle token revocation on logout
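The following client-side handler is an added example, not code from the thareja.ai docs or SDK. It validates a login response against the fields documented above, derives which onboarding prompts to show from the role rules in "Onboarding Flags" and "Role-Based Response Differences", and builds a log-safe summary with the token redacted, as "Token protection" requires. It assumes the documented error body arrives with a non-2xx HTTP status, which this page does not state.

```javascript
// Added example (not part of the thareja.ai docs): validate a /api/v3/user/login
// response, derive onboarding prompts, and produce a summary safe to log.
const ROLES = new Set(['owner', 'manager', 'member', 'client']);
const FLAGS = ['is_first_project_added', 'is_first_task_added', 'is_first_member_invited'];

// Returns { ok: true, token, prompts, summary } for a valid success body, or
// { ok: false, error } for the documented error body or a malformed response.
// Assumption: a failed login comes with a non-2xx status (not stated on the page).
function parseLoginResponse(status, body) {
  if (status < 200 || status >= 300) {
    const msg = body && typeof body.error === 'string' ? body.error : 'HTTP ' + status;
    return { ok: false, error: msg };
  }
  if (!body || typeof body.token !== 'string' || body.token.length === 0) {
    return { ok: false, error: 'missing token in login response' };
  }
  if (!ROLES.has(body.role)) return { ok: false, error: 'unexpected role: ' + body.role };
  if (body.isAdmin !== 'yes' && body.isAdmin !== 'no') {
    return { ok: false, error: 'unexpected isAdmin: ' + body.isAdmin };
  }
  for (const f of FLAGS) {
    if (body[f] !== 0 && body[f] !== 1) return { ok: false, error: 'bad onboarding flag ' + f };
  }
  // Per the docs: project/task prompts apply to owners and managers only,
  // the invite prompt to owners only; a flag value of 0 means "show the prompt".
  const prompts = [];
  if (body.role === 'owner' || body.role === 'manager') {
    if (body.is_first_project_added === 0) prompts.push('create_project');
    if (body.is_first_task_added === 0) prompts.push('create_task');
  }
  if (body.role === 'owner' && body.is_first_member_invited === 0) prompts.push('invite_member');
  // Summary for logging/telemetry: the bearer token is redacted, never copied.
  const summary = {
    id: body.id,
    role: body.role,
    isAdmin: body.isAdmin === 'yes',
    team: body.current_team_id,
    token: '<redacted>',
  };
  return { ok: true, token: body.token, prompts, summary };
}

// Constructed sample bodies mirroring the documented example responses.
const SAMPLE_NEW_OWNER = {
  id: 2, role: 'owner', isAdmin: 'yes', current_team_id: 10,
  token: '2|Xy9Zw8Vu7Tt6Ss5Rr4Qq3Pp2Oo1Nn0Mm9',
  is_first_project_added: 0, is_first_task_added: 0, is_first_member_invited: 0,
};
const SAMPLE_ERROR = { error: 'Incorrect email or password' };
```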

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
email
string<email>
required

User's email address

Example:

"user@example.com"

password
string<password>
required

User's password

Example:

"yourSecurePassword123"

Response

Login successful

id
integer
Example:

1

name
string
Example:

"John Doe"

email
string<email>
Example:

"john.doe@example.com"

profile_photo_url
string<uri>
Example:

"https://s3.amazonaws.com/bucket/profiles/user-1.jpg"

current_team_id
integer
Example:

5

token
string

Bearer token for API authentication

Example:

"1|Ab3dEfGh1Jk2Lm3No4Pq5Rs6Tt7Uv8Wx9Yz0"

role
enum<string>
Available options:
owner,
manager,
member,
client
Example:

"owner"

isAdmin
enum<string>
Available options:
yes,
no
Example:

"yes"

contact_count
integer
Example:

15

is_first_project_added
enum<integer>

0 = not added, 1 = added

Available options:
0,
1
Example:

1

is_first_task_added
enum<integer>

0 = not added, 1 = added

Available options:
0,
1
Example:

1

is_first_member_invited
enum<integer>

0 = not invited, 1 = invited

Available options:
0,
1
Example:

1

timezone
string
Example:

"America/New_York"

two_factor_confirmed_at
string<date-time> | null
created_at
string<date-time>
updated_at
string<date-time>