# API — Auth Service > **Base URL:** `https://console.gisportal.id/api/v1` --- ## POST /auth/login Login via LDAP Active Directory. Tidak butuh auth header. **Request:** ```json {"username": "rbsetiawan", "password": "password123"} ``` **Response 200:** ```json { "token": "eyJ0eXAiOiJKV1Qi...", "expires_at": "2026-07-06T09:00:00+07:00", "user": { "username": "rbsetiawan", "display_name": "R B Setiawan", "groups": ["Domain Admins", "IT-Admin"] } } ``` **Response 401:** Credentials salah atau user tidak ada di AD. **Rate limit:** 5 req/menit. --- ## POST /auth/refresh Refresh JWT tanpa login ulang (token lama masih valid). **Header:** `Authorization: Bearer ` **Response 200:** ```json {"token": "eyJ0eXAiOiJKV1Qi...", "expires_at": "2026-07-06T09:00:00+07:00"} ``` --- ## GET /auth/token-guide Panduan penggunaan token. Public, tidak butuh auth. **Response 200:** HTML atau JSON guide. --- ## GET /me Info user yang sedang login. **Header:** `Authorization: Bearer ` **Response 200:** ```json { "username": "rbsetiawan", "display_name": "R B Setiawan", "email": "rbsetiawan@gisportal.id", "department": "IT", "groups": ["Domain Admins", "IT-Admin"], "avatar_url": "https://file.gisportal.id/super-apps/avatars/rbsetiawan-AbCd.jpg" } ``` --- ## PUT /me/avatar Upload avatar user (base64 encoded). **Header:** `Authorization: Bearer ` **Request:** ```json {"data": "data:image/jpeg;base64,/9j/4AAQSkZJRg..."} ``` - Max size: 300KB (base64) - Format: JPEG, PNG - Disimpan ke QNAP OSS bucket `super-apps` **Response 200:** ```json {"avatar_url": "https://file.gisportal.id/super-apps/avatars/rbsetiawan-AbCd1234.jpg"} ```