POST /api/auth/login
Login
curl --request POST \
  --url https://api.example.com/api/auth/login
{
  "message": "<string>",
  "user": {
    "id": 123,
    "name": "<string>",
    "email": "<string>",
    "role": "<string>",
    "company_id": 123,
    "permissions": [
      "<string>"
    ]
  },
  "access_token": "<string>",
  "token_type": "<string>"
}
Authenticate a user and obtain an access token for API requests.

Authentication

This endpoint is public and does not require authentication. However, the user must be active and not locked to successfully authenticate.

Request Body

email (string, required): User’s email address
password (string, required): User’s password

Response

message (string): Status message indicating login result
user (object): User information object
user.id (integer): User’s unique identifier
user.name (string): User’s full name
user.email (string): User’s email address
user.role (string): User’s role display name
user.company_id (integer): Associated company ID (nullable)
user.permissions (array): Array of permission strings assigned to the user’s role
access_token (string): Bearer token for authenticating subsequent API requests
token_type (string): Token type (always “Bearer”)

Code Examples

curl -X POST https://api.example.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "SecurePass123"
  }'

Response Examples

Success Response

200 OK
{
  "message": "Login exitoso",
  "user": {
    "id": 1,
    "name": "Admin User",
    "email": "[email protected]",
    "role": "Super Administrador",
    "company_id": 1,
    "permissions": [
      "users.view",
      "users.create",
      "users.edit",
      "users.delete",
      "companies.view",
      "companies.create"
    ]
  },
  "access_token": "1|abcdefghijklmnopqrstuvwxyz1234567890",
  "token_type": "Bearer"
}

Error Responses

401 Unauthorized - Invalid Credentials
{
  "message": "Credenciales incorrectas",
  "status": "error"
}
401 Unauthorized - Inactive User
{
  "message": "Usuario inactivo",
  "status": "error"
}
401 Unauthorized - Locked User
{
  "message": "Usuario bloqueado",
  "status": "error"
}
422 Unprocessable Entity - Validation Error
{
  "message": "The email field is required. (and 1 more error)",
  "errors": {
    "email": [
      "The email field is required."
    ],
    "password": [
      "The password field is required."
    ]
  }
}

User States

Upon successful login, the system records the login timestamp and IP address for security tracking purposes.
Users can be locked after multiple failed login attempts. Contact your system administrator to unlock the account.

Using the Access Token

Include the access token in the Authorization header for all authenticated requests:
Authorization: Bearer 1|abcdefghijklmnopqrstuvwxyz1234567890
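
The following Python helper is an added example, not part of the original documentation or the API's own client code. It classifies the documented login responses, checks token_type before building the Authorization header, and keeps the token out of the result's repr so it does not end up in logs; the names LoginResult and parse_login_response are hypothetical.

```python
import json
from dataclasses import dataclass, field

# 401 "message" values copied from the error responses documented above.
STATE_BY_MESSAGE = {
    "Credenciales incorrectas": "invalid_credentials",
    "Usuario inactivo": "inactive",
    "Usuario bloqueado": "locked",
}

@dataclass
class LoginResult:  # hypothetical name
    outcome: str  # "ok", a 401 state, "validation_error" or "unexpected"
    headers: dict = field(default_factory=dict, repr=False)  # token stays out of repr/logs
    permissions: tuple = ()
    field_errors: dict = field(default_factory=dict)
    retry: bool = False  # is it worth prompting for credentials again?

def parse_login_response(status: int, body: str) -> LoginResult:
    """Classify a POST /api/auth/login response (hypothetical client helper)."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return LoginResult("unexpected")
    if status == 200:
        token, user = data.get("access_token"), data.get("user")
        # Accept only a non-empty Bearer token, the one type the docs define.
        if data.get("token_type") != "Bearer" or not isinstance(token, str) or not token:
            return LoginResult("unexpected")
        perms = user.get("permissions") if isinstance(user, dict) else []
        perms = tuple(p for p in perms if isinstance(p, str)) if isinstance(perms, list) else ()
        return LoginResult("ok", {"Authorization": f"Bearer {token}"}, perms)
    if status == 401:
        msg = data.get("message")
        outcome = STATE_BY_MESSAGE.get(msg, "unexpected") if isinstance(msg, str) else "unexpected"
        # Re-prompt only for wrong credentials: retrying a locked or inactive
        # account cannot succeed.
        return LoginResult(outcome, retry=(outcome == "invalid_credentials"))
    if status == 422:
        errors = data.get("errors")
        errors = errors if isinstance(errors, dict) else {}
        return LoginResult("validation_error", field_errors=errors, retry=True)
    return LoginResult("unexpected")
```

Pass the returned headers dict to subsequent authenticated requests only when outcome is "ok".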
