Login

Authenticates a user with their username and password credentials. Supports two-factor authentication (TOTP) when enabled for the user.

Request Body

username

string

required

The user’s username (trimmed, minimum 1 character)

password

string

required

The user’s password (trimmed, minimum 1 character)

code

string

TOTP code for two-factor authentication. Required if the user has TOTP enabled and this is a second login request.

Headers

x-zipline-client

string

Optional client identifier for tracking the source of the request

Response

user

object

The authenticated user object (only returned on successful login)

Show User object properties

string

Unique user identifier

username

string

The user’s username

role

string

User role: USER, ADMIN, or SUPERADMIN

createdAt

string

ISO 8601 timestamp of account creation

updatedAt

string

ISO 8601 timestamp of last account update

view

object

User view settings and preferences

oauthProviders

array

Array of connected OAuth providers

totpSecret

string | null

TOTP secret (if enabled)

quota

object | null

User quota settings

avatar

string | null

User avatar URL or data URI

token

string

API authentication token

totp

boolean

Indicates that TOTP is enabled for this user. When true, the client should prompt for a TOTP code and make a second request with the code parameter.

Rate Limiting

This endpoint is rate limited to 2 requests per second.

Authentication Flow

Initial request: Send username and password
TOTP enabled: If the user has TOTP enabled, the response will be { "totp": true }
Second request: Make another request with the same credentials plus the code parameter
Success: Returns the user object and establishes a session

Error Responses

400 Bad Request - Invalid username or password
400 Bad Request - Invalid code (when TOTP code is incorrect)
429 Too Many Requests - Rate limit exceeded

Example Request

curl -X POST https://your-zipline-instance.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "password": "securepassword123"
  }'

Example Response (No TOTP)

{
  "user": {
    "id": "clx1234567890",
    "username": "johndoe",
    "role": "USER",
    "createdAt": "2024-01-15T10:30:00.000Z",
    "updatedAt": "2024-03-01T14:22:00.000Z",
    "view": {},
    "oauthProviders": [],
    "totpSecret": null,
    "quota": null,
    "avatar": null,
    "token": "zpl_abc123def456ghi789"
  }
}

Example Response (TOTP Enabled)

{
  "totp": true
}

Example Request with TOTP Code

curl -X POST https://your-zipline-instance.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "johndoe",
    "password": "securepassword123",
    "code": "123456"
  }'

Overview

Authentication

Uploads

Files

Folders

URLs

Tags

User

Admin

Request Body

Headers

Response

Rate Limiting

Authentication Flow

Error Responses

Example Request

Example Response (No TOTP)

Example Response (TOTP Enabled)

Example Request with TOTP Code

Build docs developers (and LLMs) love

Overview

Authentication

Uploads

Files

Folders

URLs

Tags

User

Admin

​POST /api/auth/login

​Request Body

​Headers

​Response

​Rate Limiting

​Authentication Flow

​Error Responses

​Example Request

​Example Response (No TOTP)

​Example Response (TOTP Enabled)

​Example Request with TOTP Code

Build docs developers (and LLMs) love

POST /api/auth/login

Request Body

Headers

Response

Rate Limiting

Authentication Flow

Error Responses

Example Request

Example Response (No TOTP)

Example Response (TOTP Enabled)

Example Request with TOTP Code