API-2.0 / Login
Method: POST
Path: /login
Authenticate user and return auth token (see General notes for usage). Returns 401 if login is unsuccessful.
The login endpoint returns 403 Forbidden with a message when the account is locked, which currently happens after 5 invalid attempts within 1 minute. The current lockout time is 5 minutes. An already logged-in user remains logged in and is not affected by this until log-out.
Request schema:
    {
      "$schema": "http://json-schema.org/draft-04/schema#",
      "title": "Login request",
      "type": "object",
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "minLength": 1,
          "maxLength": 255
        },
        "password": {
          "type": "string",
          "minLength": 1
        },
        "token": {
          "type": ["string", "null"],
          "pattern": "\\A\\d{6}\\z"
        }
      },
      "required": [
        "email",
        "password"
      ]
    }

Example request JSON:
{ "email": "user@email.com", "password":"trustno1" }
Example request:
For production, replace https://acme-sandbox.l27.co
with https://<your subdomain>.launch27.com
    # -k (--insecure) makes curl skip TLS certificate verification.
    curl -H "Content-Type: application/json" \
         -X POST -k \
         -d '{"email": "user@email.com", "password":"trustno1"}' \
         https://acme-sandbox.l27.co/latest/login
Response
- 401 Unauthorized on login failure.
- 403 Forbidden "OTP token is required" when the user has 2FA (coming soon...) and the request doesn't have a token, or when the account is locked out.
- 422 on JSON schema errors.
- 200 OK on success.
Example response JSON:
    {
      "id": 15,
      "email": "user@email.com",
      "type": "Tenant::Customer",
      "first_name": "First",
      "last_name": "Last",
      "bearer": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6ImxpbGx5QGt1bmRlLmluZm8iLCJzaW5nbGVfYWNjZXNzX3Rva2VuIjoiZW4zcm1PekJKczZtb2VSTmx3cUsiLCJleHAiOjE0OTc5Nzk3NDUsImlzcyI6IkxhdW5jaDI3In0.DrDR4wYoj0LRDQ4tu8yKAJU-FqTEgzcy8wqwego9SGg"
    }
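
The lockout rule described on this page (5 invalid attempts within 1 minute, then a 5-minute lock answered with 403), modelled as a sliding window. This is an added example, not Launch27's code. The class and function names, the counter reset on a successful login, and the case-insensitive account key are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5       # invalid attempts that trigger the lock (from the page)
WINDOW_SECONDS = 60    # "within 1 minute"
LOCKOUT_SECONDS = 300  # lockout time of 5 minutes


class LoginLockout:
    """Per-account sliding-window lockout. Gates /login only; issued tokens are untouched."""

    def __init__(self):
        self._failures = defaultdict(deque)  # account -> timestamps of recent failures
        self._locked_until = {}              # account -> time the lock expires

    def attempt(self, email, password_ok, now):
        """Return the HTTP status the login endpoint would answer with at time `now`."""
        key = email.strip().lower()  # assumption: one counter per account, not per spelling
        if now < self._locked_until.get(key, 0.0):
            return 403  # locked: rejected even when the password is correct
        if password_ok:
            self._failures.pop(key, None)  # assumption: success clears the counter
            return 200
        recent = self._failures[key]
        recent.append(now)
        # Drop failures that have slid out of the 1-minute window.
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
        return 401


def replay(events):
    """Feed (seconds, email, password_ok) tuples through a fresh tracker."""
    tracker = LoginLockout()
    return [tracker.attempt(email, ok, float(t)) for t, email, ok in events]


# Constructed sample: five bad passwords in 40 s, then correct ones.
SAMPLE = [(t, "user@email.com", False) for t in (0, 10, 20, 30, 40)] + [
    (45, "user@email.com", True),   # inside the lock
    (339, "User@Email.com", True),  # still locked, case variant of the same account
    (340, "user@email.com", True),  # lock expired (40 + 300)
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```
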