Sign in user

Authentication

Description

Sign in a user with email and password. If two-factor authentication is enabled, include an authenticator-app code or recovery code. Returns a JWT token valid for 24 hours and a refresh token for renewing it.

Request Body

required

`application/json`

emailstring (email)required

Example: [email protected]

passwordstring (password)required

Example: securepassword123

otp_codestring

Authenticator-app code or recovery code, required only when two-factor authentication is enabled.

Example: 123456

Responses

200 Sign in successful

application/json

statusstring

Example: success

messagestring

Example: Authentication successful

tokenstring

JWT token for authentication (valid for 24 hours)

Example: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ.K7-example-token

refresh_tokenstring

Refresh token for obtaining new JWT tokens. Single-use.

Example: dGhpcyBpcyBhIHNhbXBsZSByZWZyZXNoIHRva2Vu

401 Invalid credentials or missing two-factor authentication code

application/json

Example:

{
  "status": "error",
  "message": "Invalid email or password"
}

403 Account disabled

application/json

Example:

{
  "status": "error",
  "message": "This account is disabled"
}