POST /api/v1/login

No authentication required. Validates credentials and returns a session scoped to the caller’s current organization, along with a list of all accessible organizations. Use the returned token to authenticate subsequent requests and the refresh_token to obtain new access tokens when the current one expires.

Request body

username (string, required)
Email address of the account.

password (string, required)
Account password.

Response

token (string, required)
JWT access token scoped to the current organization membership. Expires after 1 hour.

refresh_token (string, required)
JWT refresh token. Expires after 30 days. Use it with refresh-token to get a new access token.

user (object, required)
The authenticated user.

current_organization (object, required)
The organization this session is scoped to.

organizations (OrganizationSummary[], required)
All organizations the caller is a member of.

Errors

| Status | When |
|--------|------|
| 400 | Request body is invalid or missing required fields |
| 401 | Invalid credentials |
| 404 | Account not found |

Example

curl -X POST http://localhost:8080/api/v1/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "[email protected]",
    "password": "mypassword123"
  }'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "name": "Onur Kacmaz",
    "email": "[email protected]",
    "role": "admin",
    "email_verified_at": "2026-03-21T10:05:00Z",
    "created_at": "2026-03-21T10:00:00Z",
    "updated_at": "2026-03-21T10:05:00Z"
  },
  "current_organization": {
    "id": "org-uuid-here",
    "slug": "acme-corp",
    "name": "Acme Corp",
    "role": "owner"
  },
  "organizations": [
    {
      "id": "org-uuid-here",
      "slug": "acme-corp",
      "name": "Acme Corp",
      "role": "owner"
    }
  ]
}
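
Added example (not part of the original documentation or the project's own code): a client-side handler for this endpoint's response that tracks the documented 1-hour and 30-day token lifetimes and shows the same message for 401 and 404, so a front end built on this API does not tell end users which accounts exist. The names `handle_login_response`, `Session` and `LoginError` are hypothetical, the sample body is constructed, and treating any 2xx status as success is an assumption.

```python
import json
from dataclasses import dataclass

ACCESS_TTL = 3600             # access token lifetime: 1 hour (from the page)
REFRESH_TTL = 30 * 24 * 3600  # refresh token lifetime: 30 days (from the page)
REQUIRED = ("token", "refresh_token", "user", "current_organization", "organizations")
# Constructed sample body with placeholder token values, for offline use.
SAMPLE_BODY = ('{"token": "t.constructed", "refresh_token": "r.constructed", "user": {}, '
               '"current_organization": {"slug": "acme-corp"}, "organizations": []}')

class LoginError(Exception):
    """Message is safe to display; the real status is kept in .status for logs."""
    def __init__(self, status, public_message):
        super().__init__(public_message)
        self.status = status

@dataclass
class Session:
    token: str
    refresh_token: str
    org_slug: str
    issued_at: float  # client clock at login, in seconds

    def needs_refresh(self, now, margin=60):
        # Refresh shortly before the 1-hour access token lapses.
        return now >= self.issued_at + ACCESS_TTL - margin

    def must_relogin(self, now):
        # Once 30 days have passed the refresh token has expired as well.
        return now >= self.issued_at + REFRESH_TTL

def handle_login_response(status, body, now):
    """Turn a /api/v1/login response (status, raw body) into a Session or LoginError."""
    if status in (401, 404):
        # Identical text for both, so the UI does not reveal whether the account exists.
        raise LoginError(status, "Invalid username or password.")
    if status == 400:
        raise LoginError(status, "Request was malformed.")
    if not 200 <= status < 300:  # assumption: success is any 2xx
        raise LoginError(status, "Login failed; try again later.")
    try:
        data = json.loads(body)
        missing = [k for k in REQUIRED if k not in data]
        if missing:
            raise KeyError(missing[0])
        return Session(data["token"], data["refresh_token"],
                       data["current_organization"]["slug"], now)
    except (ValueError, KeyError, TypeError):
        raise LoginError(status, "Login response was malformed or incomplete.") from None
```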
