diff --git a/README.md b/README.md index a6a08a1cd2f29b18fecba2ba8731681e8a9c34be..aeae18fc1d558ab905dc5a8606642415885ae759 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,10 @@ +## Postman + +Импортировать в Postman `{URL}/api/doc.json` + ## Настройка Xdebug (PHPStorm)
Инструкция diff --git a/app/config/packages/security.yaml b/app/config/packages/security.yaml index ffde54bbe1acd25dc1c8a6462b46234216df4561..b4562029548b6418a2c97423c4656053a5278f2d 100644 --- a/app/config/packages/security.yaml +++ b/app/config/packages/security.yaml @@ -46,22 +46,13 @@ security: - { path: ^/api/doc, roles: PUBLIC_ACCESS } - { path: ^/api/register, roles: PUBLIC_ACCESS } - - { path: ^/api/register/send, roles: ROLE_USER } - - { path: ^/api/register/check, roles: ROLE_USER } - - { path: ^/api/password/reset/check, roles: PUBLIC_ACCESS } - - { path: ^/api/password/reset, roles: ROLE_USER } - { path: ^/api/password/send, roles: PUBLIC_ACCESS } - - { path: ^/api/profile/recovery, roles: PUBLIC_ACCESS } - { path: ^/api/profile/recovery/check, roles: PUBLIC_ACCESS } - - { path: ^/api/profile/reset/email, roles: ROLE_USER } - - { path: ^/api/profile/reset/field, roles: ROLE_USER } - - { path: ^/api/profile/change, roles: ROLE_USER } - - { path: ^/api/profile, roles: ROLE_USER } - - { path: ^/api, roles: ROLE_CONFIRMED } + + - { path: ^/api, roles: ROLE_USER } # - { path: ^/admin, roles: ROLE_ADMIN } - # - { path: ^/profile, roles: ROLE_USER } when@test: security: diff --git a/app/src/Controller/AuthController.php b/app/src/Controller/AuthController.php index cc257a82f2799eadc67f039c17c7b204cbce74fa..7805307c8934ff982ce20ccfd44d5381d3e5c17d 100644 --- a/app/src/Controller/AuthController.php +++ b/app/src/Controller/AuthController.php 
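Review bot: The access_control list no longer agrees with the controllers: the PUBLIC_ACCESS rules for `^/api/password/reset/check` and `^/api/profile/recovery` are removed, yet `resetCheckPassword` in AuthController and `recoveryProfile` in ProfileController are newly marked `#[Security(name: null)]`, i.e. documented as needing no token. Their `#[Route]` lines are outside the visible hunks, but if those paths are unchanged, both now fall through to `- { path: ^/api, roles: ROLE_USER }`, which would block the unauthenticated password-reset and account-recovery flows (and, with the getRoles() change in User.php, a deleted user would not be given ROLE_USER either). Either restore the two public rules above the catch-all or drop the attribute so the documentation matches the firewall. The public patterns that remain are unanchored prefixes, so `^/api/register` also exempts any later route whose path merely starts with that string; writing them as `^/api/register$` (or with `(/|$)`) keeps the public surface explicit.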
@@ -4,12 +4,15 @@ namespace App\Controller; use App\Service\Action\ActionServiceInterface; use App\Service\Dto\Classes\ChangePasswordDto; +use App\Service\Dto\Classes\LoginDto; use App\Service\Dto\Classes\RecoveryDto; use App\Service\Dto\Classes\RegisterCodeDto; use App\Service\Dto\Classes\RegisterDto; use App\Service\Dto\Classes\ResetPasswordCodeDto; use App\Service\Response\Classes\Response; +use App\Service\Response\Classes\TokenResponse; use Nelmio\ApiDocBundle\Annotation\Model; +use Nelmio\ApiDocBundle\Annotation\Security; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\DependencyInjection\Attribute\Autowire; use Symfony\Component\HttpFoundation\JsonResponse; @@ -18,19 +21,37 @@ use OpenApi\Attributes as OA; #[Route('/api', name: 'api_')] #[OA\Tag(name: 'Авторизация')] -#[OA\Response( - response: 200, - description: 'Ответ', - content: new OA\JsonContent( - ref: new Model(type: Response::class, groups: ["message"]) - ) -)] class AuthController extends AbstractController { + #[Route('/login', name: 'get_token', methods: ['POST'])] + #[OA\RequestBody( + content: new OA\JsonContent(ref: new Model(type: LoginDto::class)) + )] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: TokenResponse::class, groups: ["message", "data"]) + ) + )] + #[Security(name: null)] + public function getToken() + { + // Заглушка для Swagger + } + #[Route('/register', name: 'register', methods: ['POST'])] #[OA\RequestBody( content: new OA\JsonContent(ref: new Model(type: RegisterDto::class)) )] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: Response::class, groups: ["message"]) + ) + )] + #[Security(name: null)] public function register( #[Autowire(service: 'action.register')] ActionServiceInterface $actionService 
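Review bot: `getToken()` has an empty body and no return type, so it only works while the firewall intercepts `POST /api/login` before the controller is invoked; if that login configuration is missing or its path drifts, the action returns null and the failure shows up as a generic "controller must return a Response" error. Make the contract explicit with `public function getToken(): never` and a body of `throw new \LogicException('Handled by the firewall login authenticator.');`, and name in the comment which firewall key is expected to handle the route. The firewall section of security.yaml is outside the visible hunk, so whether `/api/login` is covered there, and reachable without a token as `#[Security(name: null)]` documents, should be confirmed.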
@@ -39,7 +60,14 @@ class AuthController extends AbstractController return $actionService->getResponse(); } - #[Route('/register/send', name: 'register_send', methods: ['GET'])] + #[Route('/email/send', name: 'email_send', methods: ['GET'])] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: Response::class, groups: ["message"]) + ) + )] public function sendRegisterCode( #[Autowire(service: 'action.register.send')] ActionServiceInterface $actionService, @@ -48,10 +76,17 @@ class AuthController extends AbstractController return $actionService->getResponse(); } - #[Route('/register/check', name: 'register_check', methods: ['POST'])] + #[Route('/email/check', name: 'email_check', methods: ['POST'])] #[OA\RequestBody( content: new OA\JsonContent(ref: new Model(type: RegisterCodeDto::class)) )] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: Response::class, groups: ["message"]) + ) + )] public function checkRegisterCode( #[Autowire(service: 'action.register.code')] ActionServiceInterface $actionService @@ -64,6 +99,13 @@ class AuthController extends AbstractController #[OA\RequestBody( content: new OA\JsonContent(ref: new Model(type: ChangePasswordDto::class)) )] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: Response::class, groups: ["message"]) + ) + )] public function resetPassword( #[Autowire(service: 'action.reset.password.change')] ActionServiceInterface $actionService 
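Review bot: `sendRegisterCode` is still mapped with `methods: ['GET']` on the renamed `/email/send` route, although, judging by the `action.register.send` service name, it triggers sending a confirmation code rather than only reading state. A GET with side effects can be replayed by link prefetchers, crawlers and caches, and is harder to throttle per request; `#[Route('/email/send', name: 'email_send', methods: ['POST'])]` would be the safer mapping. The same applies to the renamed `/profile/email/reset` route in ProfileController. No limit on how often a code can be requested is visible here; the method body continues outside the hunk, so it may live in the service.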
@@ -76,6 +118,14 @@ class AuthController extends AbstractController #[OA\RequestBody( content: new OA\JsonContent(ref: new Model(type: RecoveryDto::class)) )] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: Response::class, groups: ["message"]) + ) + )] + #[Security(name: null)] public function sendResetPassword( #[Autowire(service: 'action.reset.password.send')] ActionServiceInterface $actionService @@ -88,6 +138,14 @@ class AuthController extends AbstractController #[OA\RequestBody( content: new OA\JsonContent(ref: new Model(type: ResetPasswordCodeDto::class)) )] + #[OA\Response( + response: 200, + description: 'Ответ', + content: new OA\JsonContent( + ref: new Model(type: Response::class, groups: ["message"]) + ) + )] + #[Security(name: null)] public function resetCheckPassword( #[Autowire(service: 'action.reset.password.code')] ActionServiceInterface $actionService diff --git a/app/src/Controller/ProfileController.php b/app/src/Controller/ProfileController.php index 8386604cb5b28c55808e4d07f42585ad46d885b6..d4a2e267ca0438e7f5fbcde92b2b287185cc8759 100644 --- a/app/src/Controller/ProfileController.php +++ b/app/src/Controller/ProfileController.php @@ -13,6 +13,7 @@ use App\Service\Response\Classes\QuestsResponse; use App\Service\Response\Classes\Response; use App\Service\Response\Classes\ReviewsResponse; use Nelmio\ApiDocBundle\Annotation\Model; +use Nelmio\ApiDocBundle\Annotation\Security; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\DependencyInjection\Attribute\Autowire; use Symfony\Component\HttpFoundation\JsonResponse; @@ -114,6 +115,7 @@ class ProfileController extends AbstractController ref: new Model(type: Response::class, groups: ["message"]) ) )] + #[Security(name: null)] public function recoveryProfile( #[Autowire(service: 'action.recovery.send')] ActionServiceInterface $actionService, 
@@ -133,6 +135,7 @@ class ProfileController extends AbstractController ref: new Model(type: Response::class, groups: ["message"]) ) )] + #[Security(name: null)] public function recoveryCodeProfile( #[Autowire(service: 'action.recovery.code')] ActionServiceInterface $actionService, @@ -160,7 +163,7 @@ class ProfileController extends AbstractController return $actionService->getResponse(); } - #[Route('/profile/reset/email', name: 'profile_reset_email', methods: ['GET'])] + #[Route('/profile/email/reset', name: 'profile_email_reset', methods: ['GET'])] #[OA\Response( response: 200, description: 'Ответ', diff --git a/app/src/Entity/User.php b/app/src/Entity/User.php index 89d0897184ac05377da592d08c9cf17a5d24caa5..811175c9f797512298267eeb4b20e55172b7be8b 100644 --- a/app/src/Entity/User.php +++ b/app/src/Entity/User.php @@ -149,13 +149,10 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface { $roles = $this->roles; // guarantee every user at least has ROLE_USER - $roles[] = 'ROLE_USER'; if ($this->isDeleted()) { $roles[] = 'ROLE_DELETED'; - } else if ($this->isConfirm()) { - $roles[] = 'ROLE_CONFIRMED'; } else { - $roles[] = 'ROLE_NOT_CONFIRMED'; + $roles[] = 'ROLE_USER'; } return array_unique($roles); diff --git a/app/src/Service/Dto/Classes/LoginDto.php b/app/src/Service/Dto/Classes/LoginDto.php new file mode 100644 index 0000000000000000000000000000000000000000..e86800c8f8a515656ad26c3b86022497a8d88d0c --- /dev/null +++ b/app/src/Service/Dto/Classes/LoginDto.php @@ -0,0 +1,12 @@ +data = ['token' => $token]; + $dto = new TokenDto(); + $dto->token = $token; + $this->data = $dto; } } \ No newline at end of file
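Review bot: With `ROLE_CONFIRMED` and `ROLE_NOT_CONFIRMED` no longer produced in `getRoles()` and the catch-all rule in security.yaml lowered to `ROLE_USER`, nothing visible in this commit still requires a confirmed e-mail before the rest of `/api` is reachable; if confirmation is meant to stay mandatory, it needs an explicit check (a voter or a user checker) that this diff does not show. The deleted branch also only skips appending `ROLE_USER`: `$roles = $this->roles;` is returned as stored, so a deleted account whose persisted roles already contain `ROLE_USER` would keep access, and `$roles = array_diff($roles, ['ROLE_USER']);` inside the `isDeleted()` branch would close that. The kept comment `// guarantee every user at least has ROLE_USER` is now wrong for deleted users and should be reworded. The method starts above the hunk.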