
POST /auth/login

Authenticates a user with username and password credentials and returns a JWT token for subsequent API requests.
Authentication: None required (public endpoint)
Source: LoginController.java:21

Request

username
string
required
Username for authentication. Must be between 3 and 50 characters. Validation:
  • Required field
  • Minimum length: 3 characters
  • Maximum length: 50 characters
password
string
required
User password. Must be between 1 and 100 characters. Validation:
  • Required field
  • Minimum length: 1 character
  • Maximum length: 100 characters

Response

token
string
JWT authentication token. Include this token in the Authorization header as Bearer {token} for authenticated requests.
employeeName
object
Employee information associated with the authenticated user.
uiPermissions
array
Array of UI permission strings that determine which features and sections the user can access in the application.

Error Responses

401 Unauthorized
error
Returned when credentials are invalid or user is not found.
{
  "timestamp": "2026-03-05T12:00:00.000+00:00",
  "status": 401,
  "error": "Unauthorized",
  "message": "Invalid credentials",
  "path": "/auth/login"
}
400 Bad Request
error
Returned when request validation fails (e.g., missing fields, invalid format).
{
  "timestamp": "2026-03-05T12:00:00.000+00:00",
  "status": 400,
  "error": "Bad Request",
  "message": "El usuario no puede ser nulo.",
  "path": "/auth/login"
}

Examples

curl -X POST https://api.integra.example.com/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "jdoe",
    "password": "securePassword123"
  }'

Success Response Example

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqZG9lIiwiaWF0IjoxNzA5NjQwMDAwLCJleHAiOjE3MDk3MjY0MDB9.abc123xyz",
  "employeeName": {
    "id": 12345,
    "codigo": "EMP001",
    "nombre": "John",
    "apellidoPaterno": "Doe",
    "apellidoMaterno": "Smith",
    "nombreCompleto": "John Doe Smith",
    "puesto": {
      "id": 10,
      "nombre": "Software Engineer"
    },
    "departamento": {
      "id": 5,
      "nombre": "Engineering"
    },
    "fechaAlta": "2020-01-15",
    "estatus": "ACTIVO",
    "sexo": "M"
  },
  "uiPermissions": [
    "view_dashboard",
    "manage_attendance",
    "view_reports",
    "access_kiosk"
  ]
}

Using the JWT Token

After successful authentication, include the JWT token in all subsequent API requests:
curl -X GET https://api.integra.example.com/api/employees \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
JWT tokens have an expiration time. When a token expires, the client must re-authenticate using this login endpoint to obtain a new token.
Always transmit credentials over HTTPS. Never log or expose JWT tokens in client-side code or version control.
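
A client-side sketch of the expiry handling described above, added here as an example and not taken from this API's code base: it reads the `exp` claim of the returned token to decide when to call POST /auth/login again, and derives a log-safe fingerprint so the token itself never reaches a log line. The function names `read_claims`, `needs_reauth` and `log_fingerprint` and the 60-second skew are assumptions; the sample token is the one from the success response above.

```python
import base64
import hashlib
import json
import time

# Sample token copied from this page's success response; its third part is a
# placeholder, not a real HMAC signature.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiJqZG9lIiwiaWF0IjoxNzA5NjQwMDAwLCJleHAiOjE3MDk3MjY0MDB9."
    "abc123xyz"
)

def read_claims(token):
    """Decode the payload claims WITHOUT verifying the signature.

    Good enough for client-side scheduling only; the server stays the authority.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    padded = payload + "=" * (-len(payload) % 4)  # JWTs strip base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def needs_reauth(token, now=None, skew_seconds=60):
    """True if the token is malformed, has no numeric exp, or expires within the skew."""
    now = time.time() if now is None else now
    try:
        exp = read_claims(token).get("exp")
    except ValueError:
        return True
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return True
    return now >= exp - skew_seconds

def log_fingerprint(token):
    """Short SHA-256 prefix for correlating log lines without writing the token itself."""
    return "jwt-sha256:" + hashlib.sha256(token.encode("utf-8")).hexdigest()[:12]
```

Because the payload is read without signature verification, these claims are only a scheduling hint; a 401 from any endpoint should still trigger re-authentication.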
