POST /api/v1/auth/sign-in

Authenticate an existing user with email and password. On success, the server sets access_token and refresh_token HTTP-only cookies and returns the user object.

Authentication

None

Request

Field	Type	Required	Description
`email`	string	Yes	User's email address
`password`	string	Yes	Account password

Example

curl -X POST https://intotes.com/api/v1/auth/sign-in \
  -H "Content-Type: application/json" \
  -d '{
    "email": "user@example.com",
    "password": "securePassword123"
  }'

Response

200 OK

Sets access_token and refresh_token as HTTP-only cookies.

{
  "user": {
    "id": 42,
    "name": "John",
    "nickname": "john_doe",
    "email": "user@example.com",
    "referral_code": "XYZ789",
    "language": "en",
    "theme": "dark",
    "balance": 50000,
    "bonus_balance": 1000,
    "total_balance": 51000,
    "avatar_url": "https://cdn.intotes.com/avatars/42.jpg",
    "is_creator": false,
    "is_stats_viewer": false,
    "total_predictions": 12,
    "biggest_win": 8500,
    "registered_date": "2026-01-15"
  }
}

Errors

Status	Code	Description
401	`INVALID_CREDENTIALS`	Email or password is incorrect
403	`EMAIL_NOT_VERIFIED`	Account exists but email has not been verified yet

Authentication​

Request​

Example​

Response​

200 OK​

Errors​