POST /api/auth/login
Authenticates a user with email and password credentials. On successful authentication, creates an encrypted session cookie (icl-session) that is used for subsequent authenticated requests.

Request Body

  • email (string, required): User’s email address
  • password (string, required): User’s password

Response

  • user (object): The authenticated user object
      • id (number): User’s unique identifier
      • full_name (string): User’s full name
      • email (string): User’s email address
      • rol (string): User’s role (e.g., “admin”, “user”, “viewer”)
On successful login, the server sets an icl-session cookie with the following attributes:
  • httpOnly: true (not accessible via JavaScript)
  • sameSite: lax
  • secure: false (configured for localhost, so the cookie is also sent over plain HTTP)
The session contains:
  • userId: User’s ID
  • email: User’s email
  • full_name: User’s full name
  • rol: User’s role
  • isLoggedIn: true
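
An added example, not part of the project's code: a check that parses the Set-Cookie header returned by the login endpoint and reports where the icl-session attributes listed above fall short, including the case where the localhost setting secure: false reaches an HTTPS deployment. The function names and the sample header values are constructed for illustration.

```javascript
// Added example (not the project's code): audit the Set-Cookie header that
// POST /api/auth/login returns for the icl-session cookie.
// parseSetCookie, auditSessionCookie and the sample headers are hypothetical.

// Split one Set-Cookie header into its name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Return a list of findings; an empty list means the attributes are acceptable
// for the kind of origin (HTTP localhost or HTTPS) the response came from.
function auditSessionCookie(header, { https }) {
  const c = parseSetCookie(header);
  if (c.name !== "icl-session") return ["not the icl-session cookie"];
  const findings = [];
  if (!c.attrs.httponly) {
    findings.push("HttpOnly missing: cookie is readable from JavaScript");
  }
  const sameSite = String(c.attrs.samesite || "").toLowerCase();
  if (sameSite !== "lax" && sameSite !== "strict") {
    findings.push("SameSite is not Lax or Strict");
  }
  if (https && !c.attrs.secure) {
    findings.push("Secure missing on an HTTPS origin: cookie is also sent over plain HTTP");
  }
  return findings;
}

// Constructed sample headers: the documented localhost attributes, and the
// same cookie with Secure added for an HTTPS deployment.
const localhostHeader = "icl-session=SEALED_VALUE; HttpOnly; SameSite=Lax";
const hardenedHeader = "icl-session=SEALED_VALUE; HttpOnly; Secure; SameSite=Lax";

console.log(auditSessionCookie(localhostHeader, { https: false }));
console.log(auditSessionCookie(localhostHeader, { https: true }));
console.log(auditSessionCookie(hardenedHeader, { https: true }));
```
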
curl -X POST https://api.example.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "your-password"
  }'

Error Responses

{
  "error": "Email y contraseña requeridos"
}

Notes

  • Users must have is_active set to true in the database to log in
  • Passwords are validated using bcrypt
  • Invalid credentials return the same error message for security (prevents user enumeration)
