diff --git a/.codeguide/loopers-1-week.md b/.codeguide/loopers-1-week.md
deleted file mode 100644
index a8ace53e..00000000
--- a/.codeguide/loopers-1-week.md
+++ /dev/null
@@ -1,45 +0,0 @@
-## 🧪 Implementation Quest
-
-> 지정된 **단위 테스트 / 통합 테스트 / E2E 테스트 케이스**를 필수로 구현하고, 모든 테스트를 통과시키는 것을 목표로 합니다.
-
-### 회원 가입
-
-**🧱 단위 테스트**
-
-- [ ]  ID 가 `영문 및 숫자 10자 이내` 형식에 맞지 않으면, User 객체 생성에 실패한다.
-- [ ]  이메일이 `xx@yy.zz` 형식에 맞지 않으면, User 객체 생성에 실패한다.
-- [ ]  생년월일이 `yyyy-MM-dd` 형식에 맞지 않으면, User 객체 생성에 실패한다.
-
-**🔗 통합 테스트**
-
-- [ ]  회원 가입시 User 저장이 수행된다. ( spy 검증 )
-- [ ]  이미 가입된 ID 로 회원가입 시도 시, 실패한다.
-
-**🌐 E2E 테스트**
-
-- [ ]  회원 가입이 성공할 경우, 생성된 유저 정보를 응답으로 반환한다.
-- [ ]  회원 가입 시에 성별이 없을 경우, `400 Bad Request` 응답을 반환한다.
-
-### 내 정보 조회
-
-**🔗 통합 테스트**
-
-- [ ]  해당 ID 의 회원이 존재할 경우, 회원 정보가 반환된다.
-- [ ]  해당 ID 의 회원이 존재하지 않을 경우, null 이 반환된다.
-
-**🌐 E2E 테스트**
-
-- [ ]  내 정보 조회에 성공할 경우, 해당하는 유저 정보를 응답으로 반환한다.
-- [ ]  존재하지 않는 ID 로 조회할 경우, `404 Not Found` 응답을 반환한다.
-
-### 포인트 조회
-
-**🔗 통합 테스트**
-
-- [ ]  해당 ID 의 회원이 존재할 경우, 보유 포인트가 반환된다.
-- [ ]  해당 ID 의 회원이 존재하지 않을 경우, null 이 반환된다.
-
-**🌐 E2E 테스트**
-
-- [ ]  포인트 조회에 성공할 경우, 보유 포인트를 응답으로 반환한다.
-- [ ]  `X-USER-ID` 헤더가 없을 경우, `400 Bad Request` 응답을 반환한다.
diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 00000000..d2b946e8
--- /dev/null
+++ b/CLAUDE.md
@@ -0,0 +1,144 @@
+# CLAUDE.md
+
+## 프로젝트 개요
+
+Spring Boot 기반 멀티 모듈 Java 프로젝트 (`loopers-java-spring-template`).
+REST API, Batch, Kafka Streaming 3개의 실행 가능한 앱과 재사용 가능한 인프라/지원 모듈로 구성된다.
+
+## 기술 스택 및 버전
+
+| 구성 요소 | 버전 |
+|-----------|------|
+| Java | 21 (Toolchain) |
+| Spring Boot | 3.4.4 |
+| Spring Cloud Dependencies | 2024.0.1 |
+| Spring Dependency Management | 1.1.7 |
+| Kotlin | 2.0.20 |
+| springdoc-openapi | 2.7.0 |
+| QueryDSL | Jakarta |
+| MySQL Connector/J | Spring Boot 관리 |
+| Mockito | 5.14.0 |
+| spring-mockk | 4.0.2 |
+| instancio-junit | 5.0.2 |
+
+## 모듈 구조
+
+```
+root
+├── apps/                          # 실행 가능한 Spring Boot 애플리케이션
+│   ├── commerce-api/              # REST API (포트 8080, 관리 포트 8081)
+│   ├── commerce-batch/            # Spring Batch 처리
+│   └── commerce-streamer/         # Kafka 스트리밍 처리
+├── modules/                       # 재사용 가능한 인프라 모듈
+│   ├── jpa/                       # JPA/Hibernate + HikariCP 설정
+│   ├── redis/                     # Redis Master-Replica 설정 (Lettuce)
+│   └── kafka/                     # Kafka Producer/Consumer 설정
+└── supports/                      # 부가 기능 모듈
+    ├── jackson/                   # JSON 직렬화 설정
+    ├── logging/                   # Logback + Slack 알림
+    └── monitoring/                # Prometheus + Micrometer 메트릭
+```
+
+- `apps/` 모듈만 `bootJar` 활성화, 나머지는 `jar` 태스크만 활성화
+
+## 아키텍처 패턴
+
+Layered Hexagonal Architecture (Ports & Adapters):
+
+```
+interfaces/    → Controller, API Spec, DTO (HTTP 계층)
+application/   → Facade (유스케이스 조율)
+domain/        → Model, Service, Repository 인터페이스 (비즈니스 로직)
+infrastructure/→ Repository 구현체, JPA Repository (기술 어댑터)
+support/       → 공통 에러, 유틸리티
+```
+
+의존성 방향: `interfaces → application → domain ← infrastructure`
+
+## 빌드 및 실행
+
+```bash
+# 빌드
+./gradlew build
+
+# commerce-api 실행
+./gradlew :apps:commerce-api:bootRun
+
+# commerce-batch 실행 (job 이름 지정 필수)
+./gradlew :apps:commerce-batch:bootRun --args='--spring.batch.job.name=demoJob'
+
+# 테스트
+./gradlew test
+
+# 인프라 (MySQL, Redis, Kafka)
+docker compose -f infra-compose.yml up -d
+
+# 모니터링 (Prometheus, Grafana)
+docker compose -f monitoring-compose.yml up -d
+```
+
+## 주요 컨벤션
+
+### 엔티티
+- `BaseEntity`를 상속하여 `id`, `created_at`, `updated_at`, `deleted_at` 자동 관리
+- Soft delete 패턴 (`delete()`, `restore()` 메서드)
+- Protected 기본 생성자, `@PrePersist`/`@PreUpdate` 훅 사용
+- 타임존: UTC 저장, Asia/Seoul 표시
+
+### API 응답
+```json
+{
+  "meta": { "result": "SUCCESS|FAIL", "errorCode": "...", "message": "..." },
+  "data": { }
+}
+```
+
+### 에러 처리
+- `CoreException(ErrorType, message)` → `ApiControllerAdvice`에서 일괄 처리
+- ErrorType: `BAD_REQUEST(400)`, `NOT_FOUND(404)`, `CONFLICT(409)`, `INTERNAL_ERROR(500)`
+
+### DTO 매핑 흐름
+```
+Entity → ExampleInfo (application DTO) → ExampleV1Dto (API DTO) → ApiResponse
+```
+- Java Record로 불변 DTO 정의, `from()` 팩토리 메서드 사용
+
+### 네이밍
+- 패키지: `com.loopers.*`
+- API 버전: 클래스명에 `V1`, `V2` 접미사 (예: `ExampleV1Controller`)
+- DTO: `Dto` 또는 `Info` 접미사
+- Repository: `Repository` (인터페이스), `JpaRepository` (JPA)
+
+### 테스트
+- JUnit 5, `@Nested` + `@DisplayName`(한국어) 사용
+- 통합 테스트: `@SpringBootTest(webEnvironment = RANDOM_PORT)` + `TestRestTemplate`
+- Testcontainers: MySQL, Redis, Kafka
+- `DatabaseCleanUp` 픽스처로 테스트 간 데이터 정리 (`@AfterEach`)
+- JaCoCo 코드 커버리지 (XML 리포트)
+- 프로파일: `test`, 순차 실행 (`maxParallelForks = 1`)
+- 테스트 데이터 중 여러 테스트에서 반복 사용되는 값은 클래스 레벨 상수(`private static final`)로 선언한다
+
+### 코드 스타일
+- Lombok: `@RequiredArgsConstructor`, `@Getter`, `@Slf4j`
+- Jackson: `NON_NULL` 직렬화, 빈 문자열 → null 역직렬화
+- 비즈니스 컨텍스트 주석은 한국어 사용
+
+## 환경 프로파일
+
+`local`, `test`, `dev`, `qa`, `prd`
+
+| 설정 | local/test | dev/qa/prd |
+|------|-----------|------------|
+| DDL auto | create | none |
+| SQL 로깅 | 활성화 | 비활성화 |
+| Swagger | 활성화 | prd만 비활성화 |
+| Batch 스키마 | always | never |
+
+## 환경 변수
+
+| 변수 | 용도 |
+|------|------|
+| `MYSQL_HOST`, `MYSQL_PORT`, `MYSQL_USER`, `MYSQL_PWD` | MySQL 접속 |
+| `REDIS_MASTER_HOST`, `REDIS_MASTER_PORT` | Redis Master |
+| `REDIS_REPLICA_1_HOST`, `REDIS_REPLICA_1_PORT` | Redis Replica |
+| `BOOTSTRAP_SERVERS` | Kafka 브로커 |
diff --git a/apps/commerce-api/build.gradle.kts b/apps/commerce-api/build.gradle.kts
index 03ce68f0..c5dedd18 100644
--- a/apps/commerce-api/build.gradle.kts
+++ b/apps/commerce-api/build.gradle.kts
@@ -9,6 +9,9 @@ dependencies {
     // web
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
+
+    // security (PasswordEncoder 사용)
+    implementation("org.springframework.security:spring-security-crypto")
     implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:${project.properties["springDocOpenApiVersion"]}")
 
     // querydsl
diff --git a/apps/commerce-api/src/main/java/com/loopers/application/user/ChangePasswordCommand.java b/apps/commerce-api/src/main/java/com/loopers/application/user/ChangePasswordCommand.java
new file mode 100644
index 00000000..54aa936b
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/application/user/ChangePasswordCommand.java
@@ -0,0 +1,7 @@
+package com.loopers.application.user;
+
+public record ChangePasswordCommand(
+        String loginId,
+        String currentPassword,
+        String newPassword
+) {}
diff --git a/apps/commerce-api/src/main/java/com/loopers/application/user/SignupCommand.java b/apps/commerce-api/src/main/java/com/loopers/application/user/SignupCommand.java
new file mode 100644
index 00000000..f751b360
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/application/user/SignupCommand.java
@@ -0,0 +1,9 @@
+package com.loopers.application.user;
+
+public record SignupCommand(
+    String loginId,
+    String password,
+    String name,
+    String birthday,
+    String email
+) {}
diff --git a/apps/commerce-api/src/main/java/com/loopers/application/user/UserFacade.java b/apps/commerce-api/src/main/java/com/loopers/application/user/UserFacade.java
new file mode 100644
index 00000000..a738467b
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/application/user/UserFacade.java
@@ -0,0 +1,28 @@
+package com.loopers.application.user;
+
+import com.loopers.domain.user.UserModel;
+import com.loopers.domain.user.UserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+
+@RequiredArgsConstructor
+@Component
+public class UserFacade {
+    private final UserService userService;
+
+    public UserInfo signUp(SignupCommand command) {
+        UserModel user = userService.signup(
+            command.loginId(), command.password(), command.name(), command.birthday(), command.email()
+        );
+        return UserInfo.from(user);
+    }
+
+    public UserInfo getMyInfo(String loginId) {
+        UserModel user = userService.findByLoginId(loginId);
+        return UserInfo.from(user);
+    }
+
+    public void changePassword(ChangePasswordCommand command) {
+        userService.changePassword(command.loginId(), command.currentPassword(), command.newPassword());
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/application/user/UserInfo.java b/apps/commerce-api/src/main/java/com/loopers/application/user/UserInfo.java
new file mode 100644
index 00000000..5539a341
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/application/user/UserInfo.java
@@ -0,0 +1,25 @@
+package com.loopers.application.user;
+
+import com.loopers.domain.user.UserModel;
+
+import java.time.LocalDate;
+import java.util.Objects;
+
+public record UserInfo(
+    Long id,
+    String loginId,
+    String name,
+    LocalDate birthday,
+    String email
+) {
+    public static UserInfo from(UserModel userModel) {
+        Objects.requireNonNull(userModel, "userModel은 null일 수 없습니다.");
+        return new UserInfo(
+            userModel.getId(),
+            userModel.getLoginId(),
+            userModel.getName(),
+            userModel.getBirthday(),
+            userModel.getEmail()
+        );
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/config/AuthInterceptor.java b/apps/commerce-api/src/main/java/com/loopers/config/AuthInterceptor.java
new file mode 100644
index 00000000..8cec0fc8
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/config/AuthInterceptor.java
@@ -0,0 +1,46 @@
+package com.loopers.config;
+
+import com.loopers.domain.user.UserService;
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@RequiredArgsConstructor
+@Component
+public class AuthInterceptor implements HandlerInterceptor {
+    private static final Logger log = LoggerFactory.getLogger(AuthInterceptor.class);
+
+    private static final String HEADER_LOGIN_ID = "X-Loopers-LoginId";
+    private static final String HEADER_LOGIN_PW = "X-Loopers-LoginPw";
+    public static final String ATTR_LOGIN_ID = "loginId";
+
+    private final UserService userService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        String loginId = request.getHeader(HEADER_LOGIN_ID);
+        String loginPw = request.getHeader(HEADER_LOGIN_PW);
+
+        if (loginId == null || loginId.isBlank() || loginPw == null || loginPw.isBlank()) {
+            log.warn("인증 헤더 누락 - URI: {}, RemoteAddr: {}", request.getRequestURI(), request.getRemoteAddr());
+            throw new CoreException(ErrorType.UNAUTHORIZED, "인증 헤더가 누락되었습니다.");
+        }
+
+        try{
+            userService.authenticate(loginId, loginPw);
+        }catch(CoreException e){
+            log.warn("인증 실패 - loginId: {}, URI: {}", loginId, request.getRequestURI());
+            throw e;
+        }
+        request.setAttribute(ATTR_LOGIN_ID, loginId);
+
+        return true;
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/config/SecurityConfig.java b/apps/commerce-api/src/main/java/com/loopers/config/SecurityConfig.java
new file mode 100644
index 00000000..52b04d23
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/config/SecurityConfig.java
@@ -0,0 +1,15 @@
+package com.loopers.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@Configuration
+public class SecurityConfig {
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/config/WebMvcConfig.java b/apps/commerce-api/src/main/java/com/loopers/config/WebMvcConfig.java
new file mode 100644
index 00000000..1a59990e
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/config/WebMvcConfig.java
@@ -0,0 +1,20 @@
+package com.loopers.config;
+
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@RequiredArgsConstructor
+@Configuration
+public class WebMvcConfig implements WebMvcConfigurer {
+
+    private final AuthInterceptor authInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authInterceptor)
+                .addPathPatterns("/api/**")
+                .excludePathPatterns("/api/v1/users/signup");
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/user/Password.java b/apps/commerce-api/src/main/java/com/loopers/domain/user/Password.java
new file mode 100644
index 00000000..d772fecd
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/domain/user/Password.java
@@ -0,0 +1,30 @@
+package com.loopers.domain.user;
+
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+
+public class Password {
+
+    private static final int MIN_LENGTH = 8;
+    private static final int MAX_LENGTH = 16;
+    private static final String PASSWORD_PATTERN = "^[a-zA-Z0-9!@#$%^&*()_+\\-=\\[\\]{};':\",./<>?]*$";
+
+    public static void validate(String value, String birthday) {
+        if (value == null || value.isBlank()) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "비밀번호는 비어있을 수 없습니다.");
+        }
+
+        if (value.length() < MIN_LENGTH || value.length() > MAX_LENGTH) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "비밀번호는 8자리 이상, 16자리 이하이어야 합니다.");
+        }
+
+        if (!value.matches(PASSWORD_PATTERN)) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "비밀번호 형식이 올바르지 않습니다.");
+        }
+
+        String birthdayWithoutDash = birthday.replace("-", "");
+        if (value.contains(birthday) || value.contains(birthdayWithoutDash)) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "비밀번호에 생년월일을 포함할 수 없습니다.");
+        }
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/user/UserModel.java b/apps/commerce-api/src/main/java/com/loopers/domain/user/UserModel.java
new file mode 100644
index 00000000..7c7b0e3d
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/domain/user/UserModel.java
@@ -0,0 +1,102 @@
+package com.loopers.domain.user;
+
+import com.loopers.domain.BaseEntity;
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Table;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+
+import java.time.LocalDate;
+import java.time.format.DateTimeParseException;
+
+@Entity
+@Table(name = "users")
+@Getter
+@NoArgsConstructor
+public class UserModel extends BaseEntity {
+
+    @Column(nullable = false, unique = true)
+    private String loginId;
+
+    @Column(nullable = false)
+    private String password;
+
+    @Column(nullable = false)
+    private String name;
+
+    @Column(nullable = false)
+    private LocalDate birthday;
+
+    @Column(nullable = false)
+    private String email;
+
+    private static final String LOGIN_ID_PATTERN = "^[a-zA-Z0-9]+$";
+    private static final String EMAIL_PATTERN = "^[\\w.-]+@[\\w.-]+\\.[a-zA-Z]{2,}$";
+
+    public UserModel(String loginId, String password, String name, String birthday, String email){
+        validateLoginId(loginId);
+        validateName(name);
+        validateEmail(email);
+        validatePassword(password);
+
+        this.loginId = loginId;
+        this.name = name;
+        this.email = email;
+        this.password = password;
+        this.birthday = parseBirthday(birthday);
+    }
+
+    private void validateLoginId(String loginId){
+        if(loginId == null || loginId.isBlank()){
+            throw new CoreException(ErrorType.BAD_REQUEST, "로그인 ID는 비어있을 수 없습니다.");
+        }
+        if(!loginId.matches(LOGIN_ID_PATTERN)){
+            throw new CoreException(ErrorType.BAD_REQUEST, "로그인 ID는 영문과 숫자만 허용됩니다.");
+        }
+    }
+
+    private void validateName(String name){
+        if(name == null || name.isBlank()){
+            throw new CoreException(ErrorType.BAD_REQUEST, "이름은 비어있을 수 없습니다.");
+        }
+    }
+
+    private void validateEmail(String email){
+        if(email == null || email.isBlank()){
+            throw new CoreException(ErrorType.BAD_REQUEST, "이메일은 비어있을 수 없습니다.");
+        }
+        if(!email.matches(EMAIL_PATTERN)){
+            throw new CoreException(ErrorType.BAD_REQUEST, "이메일 형식이 올바르지 않습니다.");
+        }
+    }
+
+    private void validatePassword(String password){
+        if(password == null || password.isBlank()){
+            throw new CoreException(ErrorType.BAD_REQUEST, "비밀번호는 비어있을 수 없습니다.");
+        }
+    }
+
+    public void changePassword(String encryptedPassword) {
+        validatePassword(encryptedPassword);
+        this.password = encryptedPassword;
+    }
+
+    private LocalDate parseBirthday(String birthday){
+        if(birthday == null || birthday.isBlank()){
+            throw new CoreException(ErrorType.BAD_REQUEST, "생년월일은 비어있을 수 없습니다.");
+        }
+        LocalDate parsed;
+        try{
+            parsed = LocalDate.parse(birthday);
+        }catch(DateTimeParseException e){
+            throw new CoreException(ErrorType.BAD_REQUEST, "생년월일 형식이 올바르지 않습니다.");
+        }
+        if(parsed.isAfter(LocalDate.now())){
+            throw new CoreException(ErrorType.BAD_REQUEST, "생년월일은 미래 날짜일 수 없습니다.");
+        }
+        return parsed;
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/user/UserRepository.java b/apps/commerce-api/src/main/java/com/loopers/domain/user/UserRepository.java
new file mode 100644
index 00000000..eadc5d43
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/domain/user/UserRepository.java
@@ -0,0 +1,9 @@
+package com.loopers.domain.user;
+
+import java.util.Optional;
+
+public interface UserRepository {
+    Optional<UserModel> findByLoginId(String loginId);
+    boolean existsByLoginId(String loginId);
+    UserModel save(UserModel user);
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/domain/user/UserService.java b/apps/commerce-api/src/main/java/com/loopers/domain/user/UserService.java
new file mode 100644
index 00000000..89e594b2
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/domain/user/UserService.java
@@ -0,0 +1,82 @@
+package com.loopers.domain.user;
+
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.util.Optional;
+
+@RequiredArgsConstructor
+@Component
+public class UserService {
+    private final UserRepository userRepository;
+    private final PasswordEncoder passwordEncoder;
+
+    // 회원가입
+    @Transactional
+    public UserModel signup(String loginId, String password, String name, String birthday, String email) {
+        // 1. 비밀번호 검증 (암호화 전 raw password)
+        Password.validate(password, birthday);
+
+        // 2. 중복 체크
+        if (userRepository.existsByLoginId(loginId)) {
+            throw new CoreException(ErrorType.CONFLICT, "이미 존재하는 로그인 ID입니다.");
+        }
+
+        // 3. 비밀번호 암호화
+        String encryptedPassword = passwordEncoder.encode(password);
+
+        // 4. 회원 생성 및 저장
+        UserModel newUser = new UserModel(loginId, encryptedPassword, name, birthday, email);
+        return userRepository.save(newUser);
+    }
+
+    // 인증
+    @Transactional(readOnly = true)
+    public UserModel authenticate(String loginId, String password) {
+        UserModel user = userRepository.findByLoginId(loginId)
+                .orElseThrow(() -> new CoreException(ErrorType.UNAUTHORIZED, "회원 정보가 올바르지 않습니다."));
+
+        if (!passwordEncoder.matches(password, user.getPassword())) {
+            throw new CoreException(ErrorType.UNAUTHORIZED, "회원 정보가 올바르지 않습니다.");
+        }
+
+        return user;
+    }
+
+    // 비밀번호 변경
+    @Transactional
+    public void changePassword(String loginId, String currentPassword, String newPassword) {
+        // 1. 사용자 조회
+        UserModel user = userRepository.findByLoginId(loginId)
+                .orElseThrow(() -> new CoreException(ErrorType.NOT_FOUND, "존재하지 않는 사용자입니다."));
+
+        // 2. 현재 비밀번호 확인
+        if (!passwordEncoder.matches(currentPassword, user.getPassword())) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "현재 비밀번호가 일치하지 않습니다.");
+        }
+
+        // 3. 새 비밀번호가 현재 비밀번호와 동일한지 확인
+        if (passwordEncoder.matches(newPassword, user.getPassword())) {
+            throw new CoreException(ErrorType.BAD_REQUEST, "새 비밀번호는 현재 비밀번호와 동일할 수 없습니다.");
+        }
+
+        // 4. 비밀번호 규칙 검증
+        Password.validate(newPassword, user.getBirthday().toString());
+
+        // 5. 암호화 및 저장
+        String encryptedPassword = passwordEncoder.encode(newPassword);
+        user.changePassword(encryptedPassword);
+        userRepository.save(user);
+    }
+
+    // 로그인 ID로 조회
+    @Transactional(readOnly = true)
+    public UserModel findByLoginId(String loginId) {
+        return userRepository.findByLoginId(loginId)
+                .orElseThrow(() -> new CoreException(ErrorType.NOT_FOUND, "존재하지 않는 사용자입니다."));
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/infrastructure/user/UserJpaRepository.java b/apps/commerce-api/src/main/java/com/loopers/infrastructure/user/UserJpaRepository.java
new file mode 100644
index 00000000..f94d1f75
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/infrastructure/user/UserJpaRepository.java
@@ -0,0 +1,11 @@
+package com.loopers.infrastructure.user;
+
+import com.loopers.domain.user.UserModel;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.Optional;
+
+public interface UserJpaRepository extends JpaRepository<UserModel, Long> {
+    Optional<UserModel> findByLoginId(String loginId);
+    boolean existsByLoginId(String loginId);
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/infrastructure/user/UserRepositoryImpl.java b/apps/commerce-api/src/main/java/com/loopers/infrastructure/user/UserRepositoryImpl.java
new file mode 100644
index 00000000..135a1300
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/infrastructure/user/UserRepositoryImpl.java
@@ -0,0 +1,30 @@
+package com.loopers.infrastructure.user;
+
+import com.loopers.domain.user.UserModel;
+import com.loopers.domain.user.UserRepository;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Component;
+import org.springframework.stereotype.Repository;
+
+import java.util.Optional;
+
+@RequiredArgsConstructor
+@Repository
+public class UserRepositoryImpl implements UserRepository {
+    private final UserJpaRepository userJpaRepository;
+
+    @Override
+    public Optional<UserModel> findByLoginId(String loginId) {
+        return userJpaRepository.findByLoginId(loginId);
+    }
+
+    @Override
+    public boolean existsByLoginId(String loginId) {
+        return userJpaRepository.existsByLoginId(loginId);
+    }
+
+    @Override
+    public UserModel save(UserModel user) {
+        return userJpaRepository.save(user);
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1ApiSpec.java b/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1ApiSpec.java
new file mode 100644
index 00000000..6c32ff1c
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1ApiSpec.java
@@ -0,0 +1,27 @@
+package com.loopers.interfaces.api.user;
+
+import com.loopers.interfaces.api.ApiResponse;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+
+@Tag(name = "User V1 API", description = "회원 관련 API 입니다.")
+public interface UserV1ApiSpec {
+
+    @Operation(
+        summary = "회원가입",
+        description = "새로운 회원을 등록합니다."
+    )
+    ApiResponse<UserV1Dto.UserResponse> signup(UserV1Dto.SignupRequest request);
+
+    @Operation(
+        summary = "내 정보 조회",
+        description = "인증된 사용자의 정보를 조회합니다."
+    )
+    ApiResponse<UserV1Dto.UserResponse> getMe(String loginId);
+
+    @Operation(
+        summary = "비밀번호 변경",
+        description = "인증된 사용자의 비밀번호를 변경합니다."
+    )
+    ApiResponse<Object> changePassword(String loginId, UserV1Dto.ChangePasswordRequest request);
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1Controller.java b/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1Controller.java
new file mode 100644
index 00000000..b842d3f2
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1Controller.java
@@ -0,0 +1,52 @@
+package com.loopers.interfaces.api.user;
+
+import com.loopers.application.user.UserFacade;
+import com.loopers.application.user.UserInfo;
+import com.loopers.config.AuthInterceptor;
+import com.loopers.interfaces.api.ApiResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestAttribute;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RequiredArgsConstructor
+@RestController
+@RequestMapping("/api/v1/users")
+public class UserV1Controller implements UserV1ApiSpec {
+
+    private final UserFacade userFacade;
+
+    @PostMapping("/signup")
+    @Override
+    public ApiResponse<UserV1Dto.UserResponse> signup(
+        @RequestBody UserV1Dto.SignupRequest request
+    ) {
+        UserInfo info = userFacade.signUp(request.toCommand());
+        UserV1Dto.UserResponse response = UserV1Dto.UserResponse.from(info);
+        return ApiResponse.success(response);
+    }
+
+    @GetMapping("/me")
+    @Override
+    public ApiResponse<UserV1Dto.UserResponse> getMe(
+        @RequestAttribute(AuthInterceptor.ATTR_LOGIN_ID) String loginId
+    ) {
+        UserInfo info = userFacade.getMyInfo(loginId);
+        UserV1Dto.UserResponse response = UserV1Dto.UserResponse.from(info);
+        return ApiResponse.success(response);
+    }
+
+    @PatchMapping("/password")
+    @Override
+    public ApiResponse<Object> changePassword(
+        @RequestAttribute(AuthInterceptor.ATTR_LOGIN_ID) String loginId,
+        @RequestBody UserV1Dto.ChangePasswordRequest request
+    ) {
+        userFacade.changePassword(request.toCommand(loginId));
+        return ApiResponse.success();
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1Dto.java b/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1Dto.java
new file mode 100644
index 00000000..100edac8
--- /dev/null
+++ b/apps/commerce-api/src/main/java/com/loopers/interfaces/api/user/UserV1Dto.java
@@ -0,0 +1,54 @@
+package com.loopers.interfaces.api.user;
+
+import com.loopers.application.user.ChangePasswordCommand;
+import com.loopers.application.user.SignupCommand;
+import com.loopers.application.user.UserInfo;
+
+import java.time.LocalDate;
+
+public class UserV1Dto {
+
+    public record SignupRequest(
+        String loginId,
+        String password,
+        String name,
+        String birthday,
+        String email
+    ) {
+        public SignupCommand toCommand() {
+            return new SignupCommand(loginId, password, name, birthday, email);
+        }
+    }
+
+    public record ChangePasswordRequest(
+        String currentPassword,
+        String newPassword
+    ) {
+        public ChangePasswordCommand toCommand(String loginId) {
+            return new ChangePasswordCommand(loginId, currentPassword, newPassword);
+        }
+    }
+
+    public record UserResponse(
+        String loginId,
+        String name,
+        LocalDate birthday,
+        String email
+    ) {
+        public static UserResponse from(UserInfo info) {
+            return new UserResponse(
+                info.loginId(),
+                maskLastCharacter(info.name()),
+                info.birthday(),
+                info.email()
+            );
+        }
+
+        private static String maskLastCharacter(String value) {
+            if (value == null || value.length() <= 1) {
+                return value;
+            }
+            return value.substring(0, value.length() - 1) + "*";
+        }
+    }
+}
diff --git a/apps/commerce-api/src/main/java/com/loopers/support/error/ErrorType.java b/apps/commerce-api/src/main/java/com/loopers/support/error/ErrorType.java
index 5d142efb..8d493491 100644
--- a/apps/commerce-api/src/main/java/com/loopers/support/error/ErrorType.java
+++ b/apps/commerce-api/src/main/java/com/loopers/support/error/ErrorType.java
@@ -10,6 +10,7 @@ public enum ErrorType {
     /** 범용 에러 */
     INTERNAL_ERROR(HttpStatus.INTERNAL_SERVER_ERROR, HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(), "일시적인 오류가 발생했습니다."),
     BAD_REQUEST(HttpStatus.BAD_REQUEST, HttpStatus.BAD_REQUEST.getReasonPhrase(), "잘못된 요청입니다."),
+    UNAUTHORIZED(HttpStatus.UNAUTHORIZED, HttpStatus.UNAUTHORIZED.getReasonPhrase(), "인증에 실패했습니다."),
     NOT_FOUND(HttpStatus.NOT_FOUND, HttpStatus.NOT_FOUND.getReasonPhrase(), "존재하지 않는 요청입니다."),
     CONFLICT(HttpStatus.CONFLICT, HttpStatus.CONFLICT.getReasonPhrase(), "이미 존재하는 리소스입니다.");
 
diff --git a/apps/commerce-api/src/test/java/com/loopers/config/AuthInterceptorTest.java b/apps/commerce-api/src/test/java/com/loopers/config/AuthInterceptorTest.java
new file mode 100644
index 00000000..24493123
--- /dev/null
+++ b/apps/commerce-api/src/test/java/com/loopers/config/AuthInterceptorTest.java
@@ -0,0 +1,117 @@
+package com.loopers.config;
+
+import com.loopers.domain.user.UserService;
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+class AuthInterceptorTest {
+
+    private static final String HEADER_LOGIN_ID = "X-Loopers-LoginId";
+    private static final String HEADER_LOGIN_PW = "X-Loopers-LoginPw";
+    private static final String VALID_LOGIN_ID = "namjin123";
+    private static final String VALID_PASSWORD = "qwer@1234";
+
+    @Mock
+    private UserService userService;
+
+    @InjectMocks
+    private AuthInterceptor authInterceptor;
+
+    @DisplayName("인증 인터셉터에서, ")
+    @Nested
+    class PreHandle {
+
+        @DisplayName("유효한 인증 헤더로 요청하면, 인증에 성공하고 true를 반환한다.")
+        @Test
+        void returnsTrue_whenCredentialsAreValid() {
+            // arrange
+            HttpServletRequest request = mock(HttpServletRequest.class);
+            HttpServletResponse response = mock(HttpServletResponse.class);
+
+            when(request.getHeader(HEADER_LOGIN_ID)).thenReturn(VALID_LOGIN_ID);
+            when(request.getHeader(HEADER_LOGIN_PW)).thenReturn(VALID_PASSWORD);
+
+            // act
+            boolean result = authInterceptor.preHandle(request, response, new Object());
+
+            // assert
+            assertThat(result).isTrue();
+            verify(userService).authenticate(VALID_LOGIN_ID, VALID_PASSWORD);
+            verify(request).setAttribute(AuthInterceptor.ATTR_LOGIN_ID, VALID_LOGIN_ID);
+        }
+
+        @DisplayName("인증 헤더가 누락되면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenHeadersMissing() {
+            // arrange
+            HttpServletRequest request = mock(HttpServletRequest.class);
+            HttpServletResponse response = mock(HttpServletResponse.class);
+
+            when(request.getRequestURI()).thenReturn("/api/v1/users/me");
+            when(request.getRemoteAddr()).thenReturn("127.0.0.1");
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                authInterceptor.preHandle(request, response, new Object());
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+            verify(userService, never()).authenticate(any(), any());
+        }
+
+        @DisplayName("인증에 실패하면, 예외가 전파된다.")
+        @Test
+        void throwsException_whenAuthenticationFails() {
+            // arrange
+            HttpServletRequest request = mock(HttpServletRequest.class);
+            HttpServletResponse response = mock(HttpServletResponse.class);
+
+            when(request.getHeader(HEADER_LOGIN_ID)).thenReturn(VALID_LOGIN_ID);
+            when(request.getHeader(HEADER_LOGIN_PW)).thenReturn("wrongPassword");
+            when(request.getRequestURI()).thenReturn("/api/v1/users/me");
+
+            when(userService.authenticate(VALID_LOGIN_ID, "wrongPassword"))
+                    .thenThrow(new CoreException(ErrorType.UNAUTHORIZED, "회원 정보가 올바르지 않습니다."));
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                authInterceptor.preHandle(request, response, new Object());
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+        }
+
+        @DisplayName("빈 문자열 인증 헤더로 요청하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenHeadersAreBlank() {
+            // arrange
+            HttpServletRequest request = mock(HttpServletRequest.class);
+            HttpServletResponse response = mock(HttpServletResponse.class);
+
+            when(request.getHeader(HEADER_LOGIN_ID)).thenReturn("   ");
+            when(request.getHeader(HEADER_LOGIN_PW)).thenReturn("");
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                authInterceptor.preHandle(request, response, new Object());
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+            verify(userService, never()).authenticate(any(), any());
+        }
+    }
+}
diff --git a/apps/commerce-api/src/test/java/com/loopers/domain/user/PasswordTest.java b/apps/commerce-api/src/test/java/com/loopers/domain/user/PasswordTest.java
new file mode 100644
index 00000000..dd91c8ab
--- /dev/null
+++ b/apps/commerce-api/src/test/java/com/loopers/domain/user/PasswordTest.java
@@ -0,0 +1,101 @@
+package com.loopers.domain.user;
+
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class PasswordTest {
+
+    private static final String VALID_PASSWORD = "qwer@1234";
+    private static final String VALID_BIRTHDAY = "1994-05-25";
+
+    @DisplayName("비밀번호를 검증할 때, ")
+    @Nested
+    class Validate {
+
+        @DisplayName("정상적인 비밀번호면 예외가 발생하지 않는다.")
+        @Test
+        void doesNotThrowException_whenValid() {
+            // act & assert
+            assertDoesNotThrow(() -> Password.validate(VALID_PASSWORD, VALID_BIRTHDAY));
+        }
+
+        @DisplayName("비밀번호가 비어있으면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordIsBlank() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                Password.validate("", VALID_BIRTHDAY);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("비밀번호가 8자 미만이면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordIsShorterThan8() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                Password.validate("qwer@12", VALID_BIRTHDAY);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("비밀번호가 16자 초과이면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordIsLongerThan16() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                Password.validate("qwer@123412341234", VALID_BIRTHDAY);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("비밀번호에 허용되지 않은 문자가 포함되면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordContainsInvalidCharacters() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                Password.validate("qwer@1234한글", VALID_BIRTHDAY);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("비밀번호에 생년월일(대시 포함)이 포함되면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordContainsBirthdayWithDash() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                Password.validate("qwer@1994-05-25", VALID_BIRTHDAY);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("비밀번호에 생년월일(대시 미포함)이 포함되면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordContainsBirthdayWithoutDash() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                Password.validate("qwer19940525", VALID_BIRTHDAY);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+    }
+}
diff --git a/apps/commerce-api/src/test/java/com/loopers/domain/user/UserModelTest.java b/apps/commerce-api/src/test/java/com/loopers/domain/user/UserModelTest.java
new file mode 100644
index 00000000..dc497824
--- /dev/null
+++ b/apps/commerce-api/src/test/java/com/loopers/domain/user/UserModelTest.java
@@ -0,0 +1,183 @@
+package com.loopers.domain.user;
+
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+
+import java.time.LocalDate;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+class UserModelTest {
+
+    private static final String VALID_LOGIN_ID = "namjin123";
+    private static final String VALID_PASSWORD = "qwer@1234";
+    private static final String VALID_NAME = "namjin";
+    private static final String VALID_BIRTHDAY = "1994-05-25";
+    private static final String VALID_EMAIL = "epemxksl@gmail.com";
+    private static final String FUTURE_BIRTHDAY = LocalDate.now().plusYears(1).toString();
+
+    @DisplayName("회원을 생성할 때, ")
+    @Nested
+    class Create {
+
+        @DisplayName("모든 정보가 올바르면, 정상적으로 생성된다.")
+        @Test
+        void createsUser_whenAllInfoIsProvided() {
+            // act
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // assert
+            assertThat(user).isNotNull();
+        }
+
+        @DisplayName("로그인 ID가 비어있으면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenLoginIdIsBlank() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel("", VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("로그인 ID에 영문과 숫자 외 문자가 포함되면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenLoginIdContainsInvalidCharacters() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel("namjin123!@#", VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("이름이 비어있으면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenNameIsBlank() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, "", VALID_BIRTHDAY, VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("이메일 포맷이 올바르지 않으면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenEmailFormatIsInvalid() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, "epemxksl@gmail-com");
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("생년월일 포맷이 올바르지 않으면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenBirthDateFormatIsInvalid() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, "1994-005-25", VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("생년월일이 현재보다 이후의 날짜면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenBirthDateisAfterToday(){
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, FUTURE_BIRTHDAY, VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("생년월일이 비어있으면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenBirthdayIsBlank() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, "", VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("생년월일이 null이면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenBirthdayIsNull() {
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, null, VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+    }
+
+    @DisplayName("비밀번호를 변경할 때, ")
+    @Nested
+    class ChangePassword {
+
+        @DisplayName("정상적인 암호화된 비밀번호로 변경하면, 비밀번호가 업데이트된다.")
+        @Test
+        void changesPassword_whenEncryptedPasswordIsValid() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+            String newEncryptedPassword = "new_encrypted_password";
+
+            // act
+            user.changePassword(newEncryptedPassword);
+
+            // assert
+            assertThat(user.getPassword()).isEqualTo(newEncryptedPassword);
+        }
+
+        @DisplayName("blank 비밀번호로 변경하면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenPasswordIsBlank() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                user.changePassword("");
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("null 비밀번호로 변경하면, 예외가 발생한다.")
+        @Test
+        void throwsBadRequestException_whenPasswordIsNull() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                user.changePassword(null);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+    }
+}
diff --git a/apps/commerce-api/src/test/java/com/loopers/domain/user/UserServiceIntegrationTest.java b/apps/commerce-api/src/test/java/com/loopers/domain/user/UserServiceIntegrationTest.java
new file mode 100644
index 00000000..7fd2d1c0
--- /dev/null
+++ b/apps/commerce-api/src/test/java/com/loopers/domain/user/UserServiceIntegrationTest.java
@@ -0,0 +1,213 @@
+package com.loopers.domain.user;
+
+import com.loopers.infrastructure.user.UserJpaRepository;
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import com.loopers.utils.DatabaseCleanUp;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@SpringBootTest
+class UserServiceIntegrationTest {
+
+    private static final String VALID_LOGIN_ID = "namjin123";
+    private static final String VALID_PASSWORD = "qwer@1234";
+    private static final String VALID_NAME = "namjin";
+    private static final String VALID_BIRTHDAY = "1994-05-25";
+    private static final String VALID_EMAIL = "test@gmail.com";
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private UserJpaRepository userJpaRepository;
+
+    @Autowired
+    private DatabaseCleanUp databaseCleanUp;
+
+    @AfterEach
+    void tearDown() {
+        databaseCleanUp.truncateAllTables();
+    }
+
+    @DisplayName("회원가입을 할 때, ")
+    @Nested
+    class Signup {
+
+        @DisplayName("정상적인 정보로 회원가입이 성공한다.")
+        @Test
+        void signupSucceeds_whenInfoIsValid() {
+            // act
+            UserModel result = userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // assert
+            assertThat(result).isNotNull();
+            assertThat(result.getId()).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+
+            // DB에 실제로 저장됐는지 확인
+            assertThat(userJpaRepository.findById(result.getId())).isPresent();
+        }
+
+        @DisplayName("이미 가입된 로그인 ID로 가입하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenLoginIdAlreadyExists() {
+            // arrange - 먼저 회원 하나 저장
+            UserModel existingUser = new UserModel(VALID_LOGIN_ID, "otherPw@123", "기존회원", "1990-01-01", "other@test.com");
+            userJpaRepository.save(existingUser);
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.signup(VALID_LOGIN_ID, "newPw@1234", "신규회원", "1995-05-05", "new@test.com");
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.CONFLICT);
+        }
+    }
+
+    @DisplayName("인증을 할 때, ")
+    @Nested
+    class Authenticate {
+
+        @DisplayName("올바른 자격증명으로 인증이 성공한다.")
+        @Test
+        void authenticateSucceeds_whenCredentialsAreValid() {
+            // arrange - 회원가입 (BCrypt 암호화 포함)
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act
+            UserModel result = userService.authenticate(VALID_LOGIN_ID, VALID_PASSWORD);
+
+            // assert
+            assertThat(result).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+        }
+
+        @DisplayName("존재하지 않는 로그인 ID로 인증하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenLoginIdNotFound() {
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.authenticate("nonexistent", VALID_PASSWORD);
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+        }
+
+        @DisplayName("비밀번호가 일치하지 않으면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordDoesNotMatch() {
+            // arrange - 회원가입
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.authenticate(VALID_LOGIN_ID, "wrongPw@123");
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+        }
+    }
+
+    @DisplayName("비밀번호를 변경할 때, ")
+    @Nested
+    class ChangePassword {
+
+        private static final String NEW_PASSWORD = "newPw@1234";
+
+        @DisplayName("정상적인 정보로 비밀번호 변경이 성공한다.")
+        @Test
+        void changePasswordSucceeds_whenInfoIsValid() {
+            // arrange - 회원가입
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act
+            userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, NEW_PASSWORD);
+
+            // assert - 새 비밀번호로 인증 성공
+            UserModel result = userService.authenticate(VALID_LOGIN_ID, NEW_PASSWORD);
+            assertThat(result).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+        }
+
+        @DisplayName("비밀번호 변경 후 기존 비밀번호로 인증하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenAuthenticatingWithOldPassword() {
+            // arrange - 회원가입 및 비밀번호 변경
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+            userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, NEW_PASSWORD);
+
+            // act & assert - 기존 비밀번호로 인증 실패
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.authenticate(VALID_LOGIN_ID, VALID_PASSWORD);
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+        }
+
+        @DisplayName("현재 비밀번호가 일치하지 않으면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenCurrentPasswordDoesNotMatch() {
+            // arrange - 회원가입
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.changePassword(VALID_LOGIN_ID, "wrongPw@123", NEW_PASSWORD);
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+
+        @DisplayName("새 비밀번호가 현재 비밀번호와 동일하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenNewPasswordIsSameAsCurrent() {
+            // arrange - 회원가입
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, VALID_PASSWORD);
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+        }
+    }
+
+    @DisplayName("로그인 ID로 조회할 때, ")
+    @Nested
+    class FindByLoginId {
+
+        @DisplayName("존재하는 로그인 ID로 조회하면, 사용자를 반환한다.")
+        @Test
+        void returnsUser_whenLoginIdExists() {
+            // arrange - 회원가입
+            userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // act
+            UserModel result = userService.findByLoginId(VALID_LOGIN_ID);
+
+            // assert
+            assertThat(result).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+        }
+
+        @DisplayName("존재하지 않는 로그인 ID로 조회하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenLoginIdNotFound() {
+            // act & assert
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.findByLoginId("nonexistent");
+            });
+
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.NOT_FOUND);
+        }
+    }
+}
diff --git a/apps/commerce-api/src/test/java/com/loopers/domain/user/UserServiceTest.java b/apps/commerce-api/src/test/java/com/loopers/domain/user/UserServiceTest.java
new file mode 100644
index 00000000..1f8f0798
--- /dev/null
+++ b/apps/commerce-api/src/test/java/com/loopers/domain/user/UserServiceTest.java
@@ -0,0 +1,303 @@
+package com.loopers.domain.user;
+
+import com.loopers.support.error.CoreException;
+import com.loopers.support.error.ErrorType;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import java.util.Optional;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.*;
+
+@ExtendWith(MockitoExtension.class)
+class UserServiceTest {
+
+    private static final String VALID_LOGIN_ID = "namjin123";
+    private static final String VALID_PASSWORD = "qwer@1234";
+    private static final String VALID_ENCRYPTED_PASSWORD = "encrypted_password";
+    private static final String VALID_NAME = "namjin";
+    private static final String VALID_BIRTHDAY = "1994-05-25";
+    private static final String VALID_EMAIL = "epemxksl@gmail.com";
+
+    @Mock
+    private UserRepository userRepository;
+
+    @Mock
+    private PasswordEncoder passwordEncoder;
+
+    @InjectMocks
+    private UserService userService;
+
+    @DisplayName("회원가입을 할 때, ")
+    @Nested
+    class Signup {
+
+        @DisplayName("정상적인 정보로 회원가입이 성공한다.")
+        @Test
+        void signupSucceeds_whenInfoIsValid() {
+            // arrange
+            // stub: existsByLoginId 호출하면 false 반환 (해당 아이디로 가입된 회원 없음)
+            when(userRepository.existsByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(false);
+
+            // stub: 비밀번호 암호화
+            when(passwordEncoder.encode(VALID_PASSWORD))
+                    .thenReturn("encrypted_password");
+
+            // stub: save 호출 시 저장된 객체 반환
+            when(userRepository.save(any(UserModel.class)))
+                    .thenAnswer((invocation) -> invocation.getArgument(0));
+
+            // act
+            UserModel result = userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            // assert
+            assertThat(result).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+
+            verify(userRepository, times(1)).save(any(UserModel.class));
+        }
+
+        @DisplayName("이미 가입된 로그인 ID로 가입하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenLoginIdAlreadyExists() {
+            // arrange
+            when(userRepository.existsByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(true);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.signup(VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.CONFLICT);
+
+            // 행위 검증
+            verify(userRepository, never()).save(any());
+        }
+    }
+
+    @DisplayName("인증을 할 때, ")
+    @Nested
+    class Authenticate {
+
+        @DisplayName("올바른 로그인 ID와 비밀번호로 인증이 성공한다.")
+        @Test
+        void authenticateSucceeds_whenCredentialsAreValid() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+            when(passwordEncoder.matches(VALID_PASSWORD, VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(true);
+
+            // act
+            UserModel result = userService.authenticate(VALID_LOGIN_ID, VALID_PASSWORD);
+
+            // assert
+            assertThat(result).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+        }
+
+        @DisplayName("존재하지 않는 로그인 ID로 인증하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenLoginIdNotFound() {
+            // arrange
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.empty());
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.authenticate(VALID_LOGIN_ID, VALID_PASSWORD);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+        }
+
+        @DisplayName("비밀번호가 일치하지 않으면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenPasswordDoesNotMatch() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+            when(passwordEncoder.matches("wrongPassword", VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(false);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.authenticate(VALID_LOGIN_ID, "wrongPassword");
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.UNAUTHORIZED);
+        }
+    }
+
+    @DisplayName("비밀번호를 변경할 때, ")
+    @Nested
+    class ChangePassword {
+
+        private static final String NEW_PASSWORD = "newPw@1234";
+        private static final String NEW_ENCRYPTED_PASSWORD = "new_encrypted_password";
+
+        @DisplayName("정상적인 정보로 비밀번호 변경이 성공한다.")
+        @Test
+        void changePasswordSucceeds_whenInfoIsValid() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+            when(passwordEncoder.matches(VALID_PASSWORD, VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(true);
+            when(passwordEncoder.matches(NEW_PASSWORD, VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(false);
+            when(passwordEncoder.encode(NEW_PASSWORD))
+                    .thenReturn(NEW_ENCRYPTED_PASSWORD);
+            when(userRepository.save(any(UserModel.class)))
+                    .thenAnswer(invocation -> invocation.getArgument(0));
+
+            // act
+            userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, NEW_PASSWORD);
+
+            // assert
+            verify(userRepository, times(1)).save(any(UserModel.class));
+        }
+
+        @DisplayName("존재하지 않는 사용자이면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenUserNotFound() {
+            // arrange
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.empty());
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, NEW_PASSWORD);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.NOT_FOUND);
+            verify(userRepository, never()).save(any());
+        }
+
+        @DisplayName("현재 비밀번호가 일치하지 않으면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenCurrentPasswordDoesNotMatch() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+            when(passwordEncoder.matches("wrongPw@123", VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(false);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.changePassword(VALID_LOGIN_ID, "wrongPw@123", NEW_PASSWORD);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+            verify(userRepository, never()).save(any());
+        }
+
+        @DisplayName("새 비밀번호가 현재 비밀번호와 동일하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenNewPasswordIsSameAsCurrent() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+            // currentPassword == newPassword == VALID_PASSWORD 이므로,
+            // 1차 호출(현재 비밀번호 확인)과 2차 호출(새 비밀번호 == 현재 비밀번호 확인) 모두 이 stub에 매칭된다
+            when(passwordEncoder.matches(VALID_PASSWORD, VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(true);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, VALID_PASSWORD);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+            verify(userRepository, never()).save(any());
+        }
+
+        @DisplayName("새 비밀번호가 규칙에 위반되면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenNewPasswordViolatesRules() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+            when(passwordEncoder.matches(VALID_PASSWORD, VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(true);
+            when(passwordEncoder.matches("short", VALID_ENCRYPTED_PASSWORD))
+                    .thenReturn(false);
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.changePassword(VALID_LOGIN_ID, VALID_PASSWORD, "short");
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.BAD_REQUEST);
+            verify(userRepository, never()).save(any());
+        }
+    }
+
+    @DisplayName("로그인 ID로 조회할 때, ")
+    @Nested
+    class FindByLoginId {
+
+        @DisplayName("존재하는 로그인 ID로 조회하면, 사용자를 반환한다.")
+        @Test
+        void returnsUser_whenLoginIdExists() {
+            // arrange
+            UserModel user = new UserModel(VALID_LOGIN_ID, VALID_ENCRYPTED_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL);
+
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.of(user));
+
+            // act
+            UserModel result = userService.findByLoginId(VALID_LOGIN_ID);
+
+            // assert
+            assertThat(result).isNotNull();
+            assertThat(result.getLoginId()).isEqualTo(VALID_LOGIN_ID);
+        }
+
+        @DisplayName("존재하지 않는 로그인 ID로 조회하면, 예외가 발생한다.")
+        @Test
+        void throwsException_whenLoginIdNotFound() {
+            // arrange
+            when(userRepository.findByLoginId(VALID_LOGIN_ID))
+                    .thenReturn(Optional.empty());
+
+            // act
+            CoreException result = assertThrows(CoreException.class, () -> {
+                userService.findByLoginId(VALID_LOGIN_ID);
+            });
+
+            // assert
+            assertThat(result.getErrorType()).isEqualTo(ErrorType.NOT_FOUND);
+        }
+    }
+}
diff --git a/apps/commerce-api/src/test/java/com/loopers/interfaces/api/UserV1ApiE2ETest.java b/apps/commerce-api/src/test/java/com/loopers/interfaces/api/UserV1ApiE2ETest.java
new file mode 100644
index 00000000..69af5241
--- /dev/null
+++ b/apps/commerce-api/src/test/java/com/loopers/interfaces/api/UserV1ApiE2ETest.java
@@ -0,0 +1,344 @@
+package com.loopers.interfaces.api;
+
+import com.loopers.interfaces.api.user.UserV1Dto;
+import com.loopers.support.error.ErrorType;
+import com.loopers.utils.DatabaseCleanUp;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.junit.jupiter.api.Assertions.assertAll;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+class UserV1ApiE2ETest {
+
+    private static final String SIGNUP_ENDPOINT = "/api/v1/users/signup";
+    private static final String ME_ENDPOINT = "/api/v1/users/me";
+    private static final String CHANGE_PASSWORD_ENDPOINT = "/api/v1/users/password";
+    private static final String HEADER_LOGIN_ID = "X-Loopers-LoginId";
+    private static final String HEADER_LOGIN_PW = "X-Loopers-LoginPw";
+    private static final String VALID_LOGIN_ID = "namjin123";
+    private static final String VALID_PASSWORD = "qwer@1234";
+    private static final String VALID_NAME = "namjin";
+    private static final String EXPECTED_MASKED_NAME = "namji*";
+    private static final String VALID_BIRTHDAY = "1994-05-25";
+    private static final String VALID_EMAIL = "test@gmail.com";
+
+    private final TestRestTemplate testRestTemplate;
+    private final DatabaseCleanUp databaseCleanUp;
+
+    @Autowired
+    public UserV1ApiE2ETest(
+        TestRestTemplate testRestTemplate,
+        DatabaseCleanUp databaseCleanUp
+    ) {
+        this.testRestTemplate = testRestTemplate;
+        this.databaseCleanUp = databaseCleanUp;
+    }
+
+    @AfterEach
+    void tearDown() {
+        databaseCleanUp.truncateAllTables();
+    }
+
+    @DisplayName("POST /api/v1/users/signup")
+    @Nested
+    class Signup {
+
+        @DisplayName("정상적인 정보로 회원가입하면, 200 OK와 회원 정보를 반환한다.")
+        @Test
+        void returnsUserInfo_whenSignupIsValid() {
+            // arrange
+            UserV1Dto.SignupRequest request = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+
+            // act
+            ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<UserV1Dto.UserResponse>> response =
+                testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(request), responseType);
+
+            // assert
+            assertAll(
+                () -> assertTrue(response.getStatusCode().is2xxSuccessful()),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.SUCCESS),
+                () -> assertThat(response.getBody().data().loginId()).isEqualTo(VALID_LOGIN_ID),
+                () -> assertThat(response.getBody().data().name()).isEqualTo(EXPECTED_MASKED_NAME),
+                () -> assertThat(response.getBody().data().email()).isEqualTo(VALID_EMAIL)
+            );
+        }
+
+        @DisplayName("이미 존재하는 로그인 ID로 가입하면, 400 BAD_REQUEST 응답을 받는다.")
+        @Test
+        void throwsBadRequest_whenLoginIdAlreadyExists() {
+            // arrange - 먼저 회원가입
+            UserV1Dto.SignupRequest firstRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(firstRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 같은 loginId로 다시 가입 시도
+            UserV1Dto.SignupRequest duplicateRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, "other@1234", "다른사람", "1990-01-01", "other@gmail.com"
+            );
+
+            // act
+            ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<UserV1Dto.UserResponse>> response =
+                testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(duplicateRequest), responseType);
+
+            // assert
+            assertAll(
+                () -> assertThat(response.getStatusCode()).isEqualTo(HttpStatus.CONFLICT),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.FAIL)
+            );
+        }
+    }
+
+    @DisplayName("GET /api/v1/users/me")
+    @Nested
+    class GetMe {
+
+        @DisplayName("인증된 사용자가 내 정보를 조회하면, 200 OK와 회원 정보를 반환한다.")
+        @Test
+        void returnsUserInfo_whenAuthenticated() {
+            // arrange - 회원가입
+            UserV1Dto.SignupRequest signupRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(signupRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 인증 헤더 설정
+            HttpHeaders headers = new HttpHeaders();
+            headers.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            headers.set(HEADER_LOGIN_PW, VALID_PASSWORD);
+
+            // act
+            ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<UserV1Dto.UserResponse>> response =
+                testRestTemplate.exchange(ME_ENDPOINT, HttpMethod.GET, new HttpEntity<>(headers), responseType);
+
+            // assert
+            assertAll(
+                () -> assertTrue(response.getStatusCode().is2xxSuccessful()),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.SUCCESS),
+                () -> assertThat(response.getBody().data().loginId()).isEqualTo(VALID_LOGIN_ID),
+                () -> assertThat(response.getBody().data().name()).isEqualTo(EXPECTED_MASKED_NAME),
+                () -> assertThat(response.getBody().data().email()).isEqualTo(VALID_EMAIL)
+            );
+        }
+
+        @DisplayName("인증 헤더가 누락되면, 401 UNAUTHORIZED 응답을 받는다.")
+        @Test
+        void returnsUnauthorized_whenHeadersMissing() {
+            // act
+            ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<UserV1Dto.UserResponse>> response =
+                    // httpEntity로 null을 전달하면 본문 및 헤더 둘 다 없다는 의미이기 때문에 빈 HttpEntity를 전달하자.
+                testRestTemplate.exchange(ME_ENDPOINT, HttpMethod.GET, HttpEntity.EMPTY, responseType);
+
+            // assert
+            assertAll(
+                () -> assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.FAIL)
+            );
+        }
+
+        @DisplayName("잘못된 비밀번호로 요청하면, 401 UNAUTHORIZED 응답을 받는다.")
+        @Test
+        void returnsUnauthorized_whenPasswordIsWrong() {
+            // arrange - 회원가입
+            UserV1Dto.SignupRequest signupRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(signupRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 잘못된 비밀번호로 인증 헤더 설정
+            HttpHeaders headers = new HttpHeaders();
+            headers.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            headers.set(HEADER_LOGIN_PW, "wrongPw@123");
+
+            // act
+            ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<UserV1Dto.UserResponse>> response =
+                testRestTemplate.exchange(ME_ENDPOINT, HttpMethod.GET, new HttpEntity<>(headers), responseType);
+
+            // assert
+            assertAll(
+                () -> assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.FAIL)
+            );
+        }
+    }
+
+    @DisplayName("PATCH /api/v1/users/password")
+    @Nested
+    class ChangePassword {
+
+        private static final String NEW_PASSWORD = "newPw@1234";
+
+        @DisplayName("정상적인 정보로 비밀번호를 변경하면, 200 OK를 반환한다.")
+        @Test
+        void returnsSuccess_whenChangePasswordIsValid() {
+            // arrange - 회원가입
+            UserV1Dto.SignupRequest signupRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(signupRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 인증 헤더 설정
+            HttpHeaders headers = new HttpHeaders();
+            headers.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            headers.set(HEADER_LOGIN_PW, VALID_PASSWORD);
+            headers.set("Content-Type", "application/json");
+
+            UserV1Dto.ChangePasswordRequest request = new UserV1Dto.ChangePasswordRequest(VALID_PASSWORD, NEW_PASSWORD);
+
+            // act
+            ParameterizedTypeReference<ApiResponse<Object>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<Object>> response =
+                testRestTemplate.exchange(CHANGE_PASSWORD_ENDPOINT, HttpMethod.PATCH, new HttpEntity<>(request, headers), responseType);
+
+            // assert
+            assertAll(
+                () -> assertTrue(response.getStatusCode().is2xxSuccessful()),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.SUCCESS)
+            );
+        }
+
+        @DisplayName("현재 비밀번호가 일치하지 않으면, 400 BAD_REQUEST 응답을 받는다.")
+        @Test
+        void returnsBadRequest_whenCurrentPasswordDoesNotMatch() {
+            // arrange - 회원가입
+            UserV1Dto.SignupRequest signupRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(signupRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 인증 헤더 설정
+            HttpHeaders headers = new HttpHeaders();
+            headers.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            headers.set(HEADER_LOGIN_PW, VALID_PASSWORD);
+            headers.set("Content-Type", "application/json");
+
+            UserV1Dto.ChangePasswordRequest request = new UserV1Dto.ChangePasswordRequest("wrongPw@123", NEW_PASSWORD);
+
+            // act
+            ParameterizedTypeReference<ApiResponse<Object>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<Object>> response =
+                testRestTemplate.exchange(CHANGE_PASSWORD_ENDPOINT, HttpMethod.PATCH, new HttpEntity<>(request, headers), responseType);
+
+            // assert
+            assertAll(
+                () -> assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.FAIL)
+            );
+        }
+
+        @DisplayName("새 비밀번호가 현재 비밀번호와 동일하면, 400 BAD_REQUEST 응답을 받는다.")
+        @Test
+        void returnsBadRequest_whenNewPasswordIsSameAsCurrent() {
+            // arrange - 회원가입
+            UserV1Dto.SignupRequest signupRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(signupRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 인증 헤더 설정
+            HttpHeaders headers = new HttpHeaders();
+            headers.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            headers.set(HEADER_LOGIN_PW, VALID_PASSWORD);
+            headers.set("Content-Type", "application/json");
+
+            UserV1Dto.ChangePasswordRequest request = new UserV1Dto.ChangePasswordRequest(VALID_PASSWORD, VALID_PASSWORD);
+
+            // act
+            ParameterizedTypeReference<ApiResponse<Object>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<Object>> response =
+                testRestTemplate.exchange(CHANGE_PASSWORD_ENDPOINT, HttpMethod.PATCH, new HttpEntity<>(request, headers), responseType);
+
+            // assert
+            assertAll(
+                () -> assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.FAIL)
+            );
+        }
+
+        @DisplayName("인증 헤더가 누락되면, 401 UNAUTHORIZED 응답을 받는다.")
+        @Test
+        void returnsUnauthorized_whenHeadersMissing() {
+            // arrange
+            UserV1Dto.ChangePasswordRequest request = new UserV1Dto.ChangePasswordRequest(VALID_PASSWORD, NEW_PASSWORD);
+
+            HttpHeaders headers = new HttpHeaders();
+            headers.set("Content-Type", "application/json");
+
+            // act
+            ParameterizedTypeReference<ApiResponse<Object>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<Object>> response =
+                testRestTemplate.exchange(CHANGE_PASSWORD_ENDPOINT, HttpMethod.PATCH, new HttpEntity<>(request, headers), responseType);
+
+            // assert
+            assertAll(
+                () -> assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.FAIL)
+            );
+        }
+
+        @DisplayName("비밀번호 변경 후 새 비밀번호로 내 정보 조회가 성공한다.")
+        @Test
+        void canAccessMeWithNewPassword_afterPasswordChange() {
+            // arrange - 회원가입
+            UserV1Dto.SignupRequest signupRequest = new UserV1Dto.SignupRequest(
+                VALID_LOGIN_ID, VALID_PASSWORD, VALID_NAME, VALID_BIRTHDAY, VALID_EMAIL
+            );
+            testRestTemplate.exchange(SIGNUP_ENDPOINT, HttpMethod.POST, new HttpEntity<>(signupRequest),
+                new ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>>() {});
+
+            // 비밀번호 변경
+            HttpHeaders changeHeaders = new HttpHeaders();
+            changeHeaders.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            changeHeaders.set(HEADER_LOGIN_PW, VALID_PASSWORD);
+            changeHeaders.set("Content-Type", "application/json");
+
+            UserV1Dto.ChangePasswordRequest changeRequest = new UserV1Dto.ChangePasswordRequest(VALID_PASSWORD, NEW_PASSWORD);
+            testRestTemplate.exchange(CHANGE_PASSWORD_ENDPOINT, HttpMethod.PATCH, new HttpEntity<>(changeRequest, changeHeaders),
+                new ParameterizedTypeReference<ApiResponse<Object>>() {});
+
+            // 새 비밀번호로 내 정보 조회
+            HttpHeaders meHeaders = new HttpHeaders();
+            meHeaders.set(HEADER_LOGIN_ID, VALID_LOGIN_ID);
+            meHeaders.set(HEADER_LOGIN_PW, NEW_PASSWORD);
+
+            // act
+            ParameterizedTypeReference<ApiResponse<UserV1Dto.UserResponse>> responseType = new ParameterizedTypeReference<>() {};
+            ResponseEntity<ApiResponse<UserV1Dto.UserResponse>> response =
+                testRestTemplate.exchange(ME_ENDPOINT, HttpMethod.GET, new HttpEntity<>(meHeaders), responseType);
+
+            // assert
+            assertAll(
+                () -> assertTrue(response.getStatusCode().is2xxSuccessful()),
+                () -> assertThat(response.getBody().meta().result()).isEqualTo(ApiResponse.Metadata.Result.SUCCESS),
+                () -> assertThat(response.getBody().data().loginId()).isEqualTo(VALID_LOGIN_ID)
+            );
+        }
+    }
+}