Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cognerd.in/llms.txt

Use this file to discover all available pages before exploring further.

Every CogNerd API request that accesses your data requires a valid session token. You obtain a token by logging in with your email and password. Once you have a token, you pass it in the Authorization header on every subsequent request. This page walks through registration, login, and authenticated calls — with working copy-paste examples in both curl and JavaScript.

Register an account

Send a POST request to /api/auth/register with your name, email, and password. Registration creates your account and logs you in automatically — the response includes your session token so you can start making authenticated requests immediately. 
curl -X POST https://api.cognerd.in/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Smith",
    "email": "you@example.com",
    "password": "your-password"
  }'

Request parameters

name
string
required
Your full name. Stored on your profile and visible in the dashboard.
email
string
required
The email address you want to use as your login credential. Must be unique.
password
string
required
Your chosen password. Must be at least 8 characters. CogNerd never stores plaintext passwords.

Response

{
  "token": "eyJhbGci...",
  "user": {
    "id": "usr_123",
    "email": "you@example.com"
  }
}
token
string
Your session token. Use this in the Authorization: Bearer header for all authenticated requests.
user.id
string
Your unique user ID.
user.email
string
The email address associated with your account.

Log in

If you already have an account, send a POST request to /api/auth/login. A successful login returns a fresh session token. 
curl -X POST https://api.cognerd.in/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "your-password"}'

Request parameters

email
string
required
The email address you registered with.
password
string
required
Your account password.

Response

{
  "token": "eyJhbGci...",
  "user": {
    "id": "usr_123",
    "email": "you@example.com"
  }
}
token
string
Your session token. Store this securely — you will send it with every authenticated request.
user.id
string
Your unique user ID.
user.email
string
The email address associated with your account.

Authenticate requests

Pass your token in the Authorization header as a Bearer token on every protected request. 
Authorization: Bearer YOUR_TOKEN

Example — fetch your user profile

curl https://api.cognerd.in/api/auth/me \
  -H "Authorization: Bearer eyJhbGci..."

Response

{
  "user": {
    "id": 42,
    "name": "Jane Smith",
    "email": "you@example.com",
    "phone": null,
    "image": null,
    "plan": "basic",
    "createdAt": "2024-01-10T08:00:00.000Z",
    "updatedAt": "2024-01-15T10:30:00.000Z"
  }
}
user.id
number
Your numeric user ID.
user.name
string
Your display name.
user.email
string
Your registered email address.
user.plan
string
Your active subscription plan (e.g., "monitor", "optimize", "enterprise").

Token expiry and refresh

Session tokens are valid for 7 days. The expiry is automatically extended by 1 day on each successful authenticated request, so an active session stays alive without any action from you. If your token has expired, re-authenticate using POST /api/auth/login to get a fresh one.
There is no separate refresh token endpoint. Simply log in again when your session expires.

Authentication errors

When a request is missing a token or the token is invalid/expired, the API responds with a 401 status code. 
{
  "error": {
    "message": "Please log in to use this feature",
    "code": "UNAUTHORIZED",
    "statusCode": 401,
    "timestamp": "2024-01-15T10:30:00.000Z"
  }
}
error.code
string
Always "UNAUTHORIZED" for authentication failures.
error.message
string
A human-readable description of why the request was rejected.
Never expose your session token in client-side code, public repositories, or logs. Treat it with the same care as a password.

Keeping your token secure

A few recommendations for API integrations:
  • Store tokens in environment variables, a secrets manager, or an encrypted credential store — never hard-code them in source files.
  • Rotate tokens by logging out (POST /api/auth/logout) and logging in again if you suspect a token has been compromised.
  • Use HTTPS at all times. The production endpoint (https://api.cognerd.in) enforces TLS automatically.