JWT and User Management in a Secure Authentication API

Design and implement a secure, production-ready authentication API with the following essential components:

  1. User Registration (Signup):
    • Permit users to register with an email address and password.
    • Validate input data and enforce a strict password policy.
    • Store passwords only as salted hashes (e.g., bcrypt).
  2. User Login:
    • Authenticate users with their email address and password.
    • After a successful login, return a signed JSON Web Token (JWT).
    • Implement appropriate error handling for invalid credentials.
  3. Session Management Using JWT:
    • Issue both access and refresh tokens.
    • Implement token expiration and a refresh procedure.
    • Add JWT authentication middleware that protects secured endpoints.
  4. Email Verification:
    • Send a verification email after registration.
    • Include a secure, time-limited verification token.
    • Activate user accounts only after successful verification.
  5. Password Reset:
    • Permit users to request a password reset by email.
    • Generate a secure reset token with an expiry time and deliver it.
    • Permit users to set a new password using that token.
  6. Security Best Practices:
    • Guard against common vulnerabilities (such as injection attacks and brute-force attacks).
    • Implement input sanitization and rate limiting.
    • Use HTTPS and secure headers.
    • Keep secrets (such as signing keys and credentials) out of source code, e.g. in environment variables.
  7. Technical Specifications:
    • Follow RESTful API design guidelines.
    • Use appropriate HTTP status codes and a clear route structure.
    • Provide a modular, maintainable code architecture.
    • Give examples of each endpoint's request and response formats.

Make sure that the API is suitable for real-world deployment, scalable, and well-documented.
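The core of items 1 to 3 (password hashing, login with a generic error for bad credentials, access and refresh tokens with expiry, refresh-token rotation, and a middleware-style bearer check) is shown below as an added, self-contained example; it is not code from the original page or from any particular project. It uses only the Python standard library, so PBKDF2-HMAC-SHA256 stands in for the bcrypt the specification suggests, the HS256 JWT is built by hand rather than with a JWT library, the user store is a constructed in-memory dict, and the `JWT_SECRET` fallback exists only so the example runs offline (in deployment the key comes from the environment, as item 6 requires).

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Optional

# Assumed: the signing key is injected via an environment variable in deployment.
# The fallback is only here so the example runs stand-alone.
JWT_SECRET = os.environ.get("JWT_SECRET", "dev-only-secret-change-me").encode()
ACCESS_TTL = 15 * 60           # short-lived access token (seconds)
REFRESH_TTL = 7 * 24 * 3600    # longer-lived refresh token (seconds)
PBKDF2_ITERS = 600_000         # stdlib stand-in for bcrypt (OWASP figure for PBKDF2-SHA256)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hash_password(password: str) -> str:
    """Salted PBKDF2-HMAC-SHA256; only this string is stored, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERS)
    return f"pbkdf2_sha256${PBKDF2_ITERS}${_b64url(salt)}${_b64url(digest)}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_b64, digest_b64 = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), _b64url_decode(salt_b64), int(iters))
    return hmac.compare_digest(digest, _b64url_decode(digest_b64))  # constant-time compare


def issue_token(sub: str, kind: str, ttl: int, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT; the token kind ("access"/"refresh") is bound into the claims."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": sub, "typ": kind, "iat": now, "exp": now + ttl,
              "jti": secrets.token_hex(8)}  # unique id so a refresh token can be revoked
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(JWT_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def verify_token(token: str, expected_kind: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims only if signature, algorithm, token kind and expiry all check out."""
    now = int(time.time()) if now is None else now
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(_b64url_decode(h_b64))
        # The server decides the algorithm; never honour "alg" values taken from the token.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(JWT_SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
            return None
        claims = json.loads(_b64url_decode(p_b64))
    except (ValueError, TypeError):          # bad base64, bad JSON, wrong segment count
        return None
    if not isinstance(claims, dict):
        return None
    if claims.get("typ") != expected_kind or claims.get("exp", 0) <= now:
        return None
    return claims


# Constructed in-memory user store; a real service would use a database.
USERS = {
    "alice@example.com": {"password_hash": hash_password("Correct-Horse-Battery-9"), "verified": True},
    "bob@example.com": {"password_hash": hash_password("Another-Long-Passphrase-3"), "verified": False},
}
_DUMMY_HASH = hash_password(secrets.token_hex(16))  # keeps unknown-user timing close to known-user timing
REVOKED_JTI = set()                                  # refresh tokens that have already been used


def login(email: str, password: str, now: Optional[int] = None) -> dict:
    user = USERS.get(email)
    ok = verify_password(password, user["password_hash"] if user else _DUMMY_HASH)
    if not user or not ok:
        return {"status": 401, "error": "invalid credentials"}  # same reply for unknown user and bad password
    if not user["verified"]:
        return {"status": 403, "error": "email not verified"}   # account inactive until verified
    return {"status": 200,
            "access_token": issue_token(email, "access", ACCESS_TTL, now),
            "refresh_token": issue_token(email, "refresh", REFRESH_TTL, now)}


def refresh(refresh_token: str, now: Optional[int] = None) -> dict:
    claims = verify_token(refresh_token, "refresh", now)
    if claims is None or claims.get("jti") in REVOKED_JTI:
        return {"status": 401, "error": "invalid refresh token"}
    REVOKED_JTI.add(claims["jti"])  # rotation: each refresh token is single-use
    return {"status": 200,
            "access_token": issue_token(claims["sub"], "access", ACCESS_TTL, now),
            "refresh_token": issue_token(claims["sub"], "refresh", REFRESH_TTL, now)}


def require_auth(authorization_header: Optional[str], now: Optional[int] = None) -> Optional[str]:
    """Middleware-style check for protected routes: the authenticated subject, or None."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return None
    claims = verify_token(authorization_header[len("Bearer "):], "access", now)
    return claims["sub"] if claims else None


if __name__ == "__main__":
    tokens = login("alice@example.com", "Correct-Horse-Battery-9")
    print(require_auth("Bearer " + tokens["access_token"]))
```

Two design points carry over to any real implementation: the token kind is a signed claim, so a refresh token presented to a protected route is rejected rather than silently accepted as an access token, and the refresh endpoint records the `jti` it has consumed, so a stolen or replayed refresh token fails after its first legitimate use.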
