POST /api/auth/login

Authenticates a user with email and password. On success, Supabase sets session cookies automatically. Accounts flagged as blocked are denied access regardless of credentials.

Request body

email (string, required): The user’s email address.
password (string, required): The user’s password.

Response

200 — Success

message (string): Confirmation string. Value: "Login exitoso".
user (object): The authenticated Supabase Auth user object.

Supabase sets session cookies on the response automatically. You do not need to manage tokens manually for browser-based clients.

400 — Invalid credentials

error (string): A Supabase Auth error message — for example, "Invalid login credentials" when the email or password is incorrect.

403 — Account blocked

Returned when the user’s profile has bloqueado = true. The session is signed out immediately after this check.

error (string): Value: "Tu cuenta ha sido bloqueada por un administrador. No puedes iniciar sesión."

When a 403 is returned, Supabase has authenticated the user, but the server invalidates the session immediately, so no active session remains.

500 — Server error

error (string): Possible values:
  • "Error al verificar el estado de la cuenta." — the profile lookup failed after authentication. The session is signed out.
  • "Error interno del servidor" — an unexpected error occurred.

Example request

curl --request POST \
  --url https://your-domain.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "user@example.com",
    "password": "contraseña-segura"
  }'

Example responses

Success (200)
{
  "message": "Login exitoso",
  "user": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "email": "user@example.com"
  }
}

Invalid credentials (400)
{
  "error": "Invalid login credentials"
}

Blocked account (403)
{
  "error": "Tu cuenta ha sido bloqueada por un administrador. No puedes iniciar sesión."
}
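
The order of checks behind the 200, 400, 403 and 500 responses above, as an added sketch that is not the project's own handler. It assumes the block flag is read from a "profiles" table keyed by the auth user id; fakeSupabase is a constructed stand-in so the flow runs offline.

```javascript
// Added sketch, not the project's code. The Supabase client is injected so the
// flow runs offline; the "profiles" table keyed by user id is an assumption.
const BLOCKED_MSG =
  "Tu cuenta ha sido bloqueada por un administrador. No puedes iniciar sesión.";

async function login(supabase, { email, password }) {
  try {
    const { data, error } = await supabase.auth.signInWithPassword({ email, password });
    if (error) return { status: 400, body: { error: error.message } };
    // Credentials are valid and a session now exists: check the flag before answering.
    const { data: profile, error: profileError } = await supabase
      .from("profiles").select("bloqueado").eq("id", data.user.id).single();
    if (profileError || !profile) {
      await supabase.auth.signOut(); // fail closed: unknown status, no session
      return { status: 500, body: { error: "Error al verificar el estado de la cuenta." } };
    }
    if (profile.bloqueado === true) {
      await supabase.auth.signOut(); // revoke the session that was just created
      return { status: 403, body: { error: BLOCKED_MSG } };
    }
    return { status: 200, body: { message: "Login exitoso", user: data.user } };
  } catch {
    return { status: 500, body: { error: "Error interno del servidor" } };
  }
}

// Constructed in-memory stand-in for the Supabase client (sample data only).
function fakeSupabase(users, profiles) {
  const state = { signedIn: false };
  const auth = {
    async signInWithPassword({ email, password }) {
      const u = users[email];
      if (!u || u.password !== password)
        return { data: { user: null }, error: { message: "Invalid login credentials" } };
      state.signedIn = true;
      return { data: { user: { id: u.id, email } }, error: null };
    },
    async signOut() { state.signedIn = false; return { error: null }; },
  };
  const single = async (id) => profiles[id]
    ? { data: profiles[id], error: null }
    : { data: null, error: { message: "profile lookup failed" } };
  const from = () => ({ select: () => ({ eq: (_col, id) => ({ single: () => single(id) }) }) });
  return { state, auth, from };
}
```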
