API-2.0 / Login

Method: POST

Path: /login

Authenticate user and return auth token (see General notes for usage). Returns 401 if login is unsuccessful.

The login endpoint returns 403 Forbidden with a message when the account is locked, which currently happens after 5 invalid attempts within 1 minute. The current lockout time is 5 minutes. A user who is already logged in remains logged in and is not affected by the lockout until they log out.

Request schema:

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "title": "Login request",
    "type": "object",

    "properties": {
        "email": {
            "type": "string",
            "format": "email",
            "minLength": 1,
            "maxLength": 255
        },
        "password": {
            "type": "string",
            "minLength": 1
        },
        "token": {
            "type": ["string", "null"],
            "pattern": "\\A\\d{6}\\z"
        }
    },

    "required": [
        "email",
        "password"
    ]
}

Example request JSON

{
  "email": "user@email.com",
  "password":"trustno1"
}

Example request:

For production, replace https://acme-sandbox.l27.co with https://<your subdomain>.launch27.com

curl -H "Content-Type: application/json" \
     -X POST -k \
     -d '{"email": "user@email.com", "password":"trustno1"}' \
     https://acme-sandbox.l27.co/latest/login

Response

  • 401 Unauthorized on login failure.
  • 403 Forbidden "OTP token is required" when the user has 2FA (coming soon...) and the request doesn't have a token, or when the account is locked out.
  • 422 on JSON schema errors.
  • 200 OK on success.

Example response JSON:

{
  "id": 15,
  "email": "user@email.com",
  "type": "Tenant::Customer",
  "first_name": "First",
  "last_name": "Last",
  "bearer": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImxpbGx5QGt1bmRlLmluZm8iLCJzaW5nbGVfYWNjZXNzX3Rva2VuIjoiZW4zcm1PekJKczZtb2VSTmx3cUsiLCJleHAiOjE0OTc5Nzk3NDUsImlzcyI6IkxhdW5jaDI3In0.DrDR4wYoj0LRDQ4tu8yKAJU-FqTEgzcy8wqwego9SGg"
}
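
The following Python is an added example, not part of the Launch27 API or this wiki's own code: it builds a request body that satisfies the schema above and maps each documented status code to a client action, keeping the bearer apart from loggable profile data. It assumes the 403 message text appears in the response body; the function names, the action labels and the `retry_after` field are hypothetical, and the `@` test only approximates the schema's `email` format.

```python
import json
import re

LOCKOUT_SECONDS = 5 * 60          # page: current lockout time is 5 minutes
OTP_RE = re.compile(r"[0-9]{6}")  # schema pattern \A\d{6}\z, applied with fullmatch


def build_login_body(email, password, token=None):
    """Check the request schema's constraints and return the JSON body."""
    if not isinstance(email, str) or not 1 <= len(email) <= 255 or "@" not in email:
        raise ValueError("email must be a 1-255 character address")
    if not isinstance(password, str) or len(password) < 1:
        raise ValueError("password must be a non-empty string")
    # fullmatch mirrors \A...\z: a trailing newline is rejected, unlike ^...$
    if token is not None and not (isinstance(token, str) and OTP_RE.fullmatch(token)):
        raise ValueError("token must be exactly six digits or null")
    body = {"email": email, "password": password}
    if token is not None:
        body["token"] = token
    return json.dumps(body)


def classify_login_response(status, body_text):
    """Map a /login response to (action, payload)."""
    if status == 200:
        data = json.loads(body_text)
        bearer = data.pop("bearer")  # keep the token out of anything that gets logged
        return "ok", {"bearer": bearer, "profile": data}
    if status == 401:
        return "bad_credentials", None  # repeated failures lead to the lockout
    if status == 403:
        # Assumption: the 403 message text is present in the response body.
        if "OTP token is required" in body_text:
            return "otp_required", None
        return "locked_out", {"retry_after": LOCKOUT_SECONDS}
    if status == 422:
        return "schema_error", None
    return "unexpected", {"status": status}
```

On `locked_out`, a client should stop retrying for the lockout period rather than resubmit, since further attempts cannot succeed until it ends.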
