Authenticates a user providing an access_token (JWT) for subsequent calls
The access_token must be used as a Bearer in the HTTP Authorization header of all non-public endpoints and it will have a short duration (normally 1 hour). The login endpoint also returns a refresh_token: bear in mind this just provides a basic refresh token functionality (for simplicity it does not intend to follow the OAuth 2.0 standard), this refresh token functionality it is provided mainly to prevent a user session to be abruptly interrupted while he is active if the access_token suddenly expires, providing a way to the caller so it can quickly call /auth/refresh-token endpoint and then inmmediately retry the original call with the new access_token
Headers
-
Specify effective organization_id for Admin and Group Organization Admins. This is a global header for all endpoints only taken into consideration when it makes sense (it won't be used in Auth, for example)
Responses
-
• 200
User successfully logged in
-
• 201
Created
-
• 400
Missing or invalid request body
-
• 401
Unauthorized. Please check field error_code:
- bad-credentials: Invalid username and/or password
- account-not-validated: User needs to validate his account (normally his/her email)
- token-expired: JWT token expired
- inactive-account: Account has been disabled/deleted
-
• 403
Forbidden
-
• 404
Not Found
-
• 500
Internal error
curl \
-X POST https://api-dev.gatego.io:443/auth/login \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"password":"string","username":"string"}'# Headers
# Payload
{
"password": "string",
"username": "string"
}{
"access_token": "string",
"jwt_token": "string",
"refresh_token": "string"
}"{\n \"error_code\": \"account-not-validated\",\n \"extra_attributes\": {\n \"resend_code\": \"d2e93fb1-5541-4a90-8215-ca1ebcdcab8b\",\n },\n \"trace_id\": \"2835818043d277b0\"\n \"message\": \"Account not validated\",\n}\n"