POST /api/v1/auth/login
Login
curl --request POST \
  --url http://34.170.194.254:8000/api/v1/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "username": "<string>",
  "password": "<string>"
}
'
{
  "mfa_required": false,
  "enrollment_required": false,
  "mfa_challenge_token": "<string>",
  "enrollment_token": "<string>",
  "access_token": "<string>",
  "token_type": "bearer",
  "client_id": "<string>",
  "scopes": [
    "<string>"
  ]
}

Body

application/json

Login Request schema.

username
string
required

Login username

password
string
required

Login password

Response

Login success or MFA challenge issued

The login response takes one of three shapes, distinguished by the mfa_required and enrollment_required flags (see entity_registry LoginResponse).

mfa_required
boolean
default: false

When true, the client must complete MFA (verify or forced enrollment) before getting an access token

enrollment_required
boolean
default: false

When true, the user has no MFA yet but MFA_REQUIRED is on; the client must use enrollment_token to drive forced enrollment

mfa_challenge_token
string | null

Short-lived token to be POSTed to /auth/mfa/verify (only set when mfa_required=true and enrollment_required=false)

enrollment_token
string | null

Short-lived token to be used as the bearer for /auth/mfa/enroll and /auth/mfa/enroll-and-verify (only set when enrollment_required=true)

access_token
string | null

Issued bearer access token (only set when mfa_required=false)

token_type
string
default: bearer

Token type

client_id
string | null

Client identifier associated with token (only set when mfa_required=false)

scopes
string[]

Granted scopes (only populated when mfa_required=false)
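
An added example, not part of this API's own documentation or code: a client-side check that maps a login response to exactly one of the three shapes described above and rejects a body that mixes them, such as an access_token arriving while mfa_required is true. The function name, error class and sample bodies are constructed for illustration; rejecting enrollment_required=true without mfa_required=true is an assumption drawn from the field descriptions.

```python
from typing import Any

class LoginShapeError(ValueError):
    """Body matches none of the three documented login response shapes."""

def classify_login_response(body: dict[str, Any]) -> dict[str, Any]:
    """Return the single next step for a login response, failing closed."""
    mfa = body.get("mfa_required", False)            # documented default: false
    enroll = body.get("enrollment_required", False)  # documented default: false
    if not isinstance(mfa, bool) or not isinstance(enroll, bool):
        raise LoginShapeError("flags must be JSON booleans")
    if enroll and not mfa:
        # Assumption: forced enrollment is one form of "must complete MFA",
        # so enrollment_required=true without mfa_required=true is rejected.
        raise LoginShapeError("enrollment_required without mfa_required")

    if enroll:
        step, expected = "enroll", "enrollment_token"
    elif mfa:
        step, expected = "verify", "mfa_challenge_token"
    else:
        step, expected = "authenticated", "access_token"

    tokens = ("access_token", "mfa_challenge_token", "enrollment_token")
    value = body.get(expected)
    if not isinstance(value, str) or not value:
        raise LoginShapeError(f"{expected} missing for step {step!r}")
    # A challenge or enrollment token must never arrive beside another token.
    extra = [k for k in tokens if k != expected and body.get(k) is not None]
    if extra:
        raise LoginShapeError(f"unexpected {extra} for step {step!r}")

    result: dict[str, Any] = {"step": step, "token": value}
    if step == "authenticated":
        if str(body.get("token_type") or "bearer").lower() != "bearer":
            raise LoginShapeError("unsupported token_type")
        result["client_id"] = body.get("client_id")
        result["scopes"] = list(body.get("scopes") or [])
    return result

# Constructed sample bodies (not captured from a real server).
SAMPLE_OK = {"mfa_required": False, "access_token": "tok-a", "token_type": "bearer",
             "client_id": "c1", "scopes": ["read"]}
SAMPLE_VERIFY = {"mfa_required": True, "mfa_challenge_token": "tok-c"}
SAMPLE_ENROLL = {"mfa_required": True, "enrollment_required": True,
                 "enrollment_token": "tok-e"}
SAMPLE_MIXED = {"mfa_required": True, "mfa_challenge_token": "tok-c",
                "access_token": "tok-a"}
```

Only the "authenticated" step yields a token that may be sent as the bearer on ordinary API calls; the "verify" and "enroll" tokens belong to the MFA endpoints listed above.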