
Endpoint

POST /api/auth/login
Authenticates a user with their email and password credentials. Returns user information on successful authentication.

Request Body

email
string
required
User’s email address
password
string
required
User’s password (minimum 8 characters)

Response

id
integer
User’s unique database ID
email
string
User’s email address
name
string
User’s display name (may be null)

Example Request

cURL
curl -X POST http://localhost:5080/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "mySecurePassword123"
  }'
JavaScript
const response = await fetch('http://localhost:5080/api/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    email: '[email protected]',
    password: 'mySecurePassword123',
  }),
});

const data = await response.json();
console.log(data);
Python
import requests

response = requests.post(
    'http://localhost:5080/api/auth/login',
    json={
        'email': '[email protected]',
        'password': 'mySecurePassword123'
    }
)

data = response.json()
print(data)

Example Response

{
  "id": 12345,
  "email": "[email protected]",
  "name": "John Doe"
}

Security Notes

Timing Attack Prevention

The login endpoint implements protection against timing attacks:
  1. Password verification always runs, even if the user doesn’t exist
  2. A dummy bcrypt hash is used when the user is not found
  3. This ensures consistent response times regardless of whether the user exists

Password Verification

  • Passwords are verified using bcrypt’s secure comparison
  • Original password is never stored or logged
  • Only the bcrypt hash is stored in the database
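The timing-attack defence and the hash-only storage described in the two lists above, as an added server-side example that is not the project's own code. It substitutes the standard library's PBKDF2-HMAC (so it runs offline) for bcrypt, and an in-memory dictionary with constructed users for the database; the response shapes mirror the endpoint's 200/400/401 cases.

```python
import hashlib
import hmac
import os

# Stand-in for bcrypt (assumption: the real service uses bcrypt, per the page).
# The defence is identical: exactly one full hash computation per login
# attempt, whether or not the email exists.
ITERATIONS = 50_000
SALT_LEN = 16

def hash_password(password: str, salt: bytes = b"") -> bytes:
    """Return salt || digest; only this value is ever stored, never the password."""
    salt = salt or os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest

def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the digest and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)

# Dummy hash built once at startup; verifying against it costs the same work
# as verifying against a real user's hash.
DUMMY_HASH = hash_password("dummy-password-never-accepted")

# Constructed user table standing in for the database.
USERS = {
    "alice@example.com": {
        "id": 1,
        "name": "Alice Example",
        "password_hash": hash_password("correct horse battery"),
    },
}
STATS = {"verify_calls": 0}  # lets a caller confirm verification always ran

def login(email, password):
    """Return (status, body) for one login attempt."""
    if not isinstance(email, str) or not isinstance(password, str) or len(password) < 8:
        return 400, {"error": "Invalid request body or missing required fields"}
    user = USERS.get(email)
    # Always verify: against the stored hash if the user exists, else the dummy.
    stored = user["password_hash"] if user else DUMMY_HASH
    STATS["verify_calls"] += 1
    ok = verify_password(password, stored)
    if user is None or not ok:
        # Identical status and message for unknown email and wrong password.
        return 401, {"error": "Invalid email or password"}
    return 200, {"id": user["id"], "email": email, "name": user["name"]}
```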

Error Handling

Status Code   Description
200           Authentication successful
400           Invalid request body or missing required fields
401           Invalid email or password
500           Internal server error

Frontend Integration

The frontend uses Auth.js (NextAuth.js) for authentication:
import { signIn } from "next-auth/react"

const result = await signIn("credentials", {
  email,
  password,
  redirect: false,
})

if (result?.error) {
  // Handle authentication error
  console.error("Login failed:", result.error)
} else if (result?.ok) {
  // Authentication successful
  // Auth.js automatically manages the session
  // `router` is assumed to come from Next.js's useRouter() hook in the calling component
  router.push("/dashboard")
}
