# General

## Authenticate user with password

 - [POST /resources/auth/v1/user](https://developers.frontegg.com/ciam/api/identity/general/authenticatioauthenticationcontrollerv1_authenticatelocaluser.md): Authenticate a local user using their email and password.

Include the user's login credentials in the request body. This endpoint supports optional parameters such as an invitation token (for sign-up flows via invitation) and a reCAPTCHA token (if reCAPTCHA is enabled for login).

If the credentials are valid, the response includes a signed JWT and a refresh token that can be used for future authenticated requests.

## Refresh user JWT token

 - [POST /resources/auth/v1/user/token/refresh](https://developers.frontegg.com/ciam/api/identity/general/authenticatioauthenticationcontrollerv1_refreshtoken.md): Refresh a JWT based on the refresh token's expiration time.

This endpoint returns a new JWT and refresh token if the existing refresh token is valid and not expired. The request must include the refresh token cookie for the currently logged-in user.

Ensure your JWT settings are properly configured in the Frontegg Portal to support this flow.

## Logout user

 - [POST /resources/auth/v1/logout](https://developers.frontegg.com/ciam/api/identity/general/authenticatioauthenticationcontrollerv1_logout.md): Log out a user by invalidating their refresh token.

This endpoint logs out the currently authenticated user by invalidating the refresh token provided in the refresh token cookie.

This route is intended for applications using Frontegg's embedded login experience or for integrations that interact exclusively with Frontegg APIs.

## Signup user

 - [POST /resources/users/v1/signUp](https://developers.frontegg.com/ciam/api/identity/general/userscontrollerv1_signupuser.md): Sign up a new user and create a new account (tenant).

This endpoint registers a user with authentication details such as email, password, and the provider used for authentication (e.g., local, saml, google, github). Refer to the documentation or dropdown menu for the full list of supported provider values.

Additional optional fields such as user metadata may also be included. If not needed, metadata can be passed as an empty object (e.g., {}).

This endpoint is typically used during account (tenant) onboarding or self-sign-up flows.

## Signup user with username

 - [POST /resources/users/v1/signUp/username](https://developers.frontegg.com/ciam/api/identity/general/userssignupcontrollerv1_signupuserusername.md): Sign up a new user and create a new account (tenant). Include the frontegg-vendor-host header (your domain name from Portal → Workspace Settings → Domains). Required fields: email, provider (authentication method: local, saml, google, github), companyName, and metadata (can be empty {}). Requires an environment authentication token.