POST https://api-dev.weir.ai/auth/login

User Login

Authenticate users with their username and password to receive access and refresh tokens for Console API access.
Example Request

curl -X POST 'https://api.weir.ai/auth/login' \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "Jane Doe",
    "password": "securePassword123"
  }'

Example Response

{
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
    "refreshToken": "refresh_token_123456789",
    "expiresIn": 3600,
    "user": {
      "id": "user_123456789",
      "fullname": "Jane Doe",
      "email": "[email protected]",
      "role": "Organization_Admin"
    }
  },
  "message": "Login successful",
  "status": "success"
}

Authentication

This endpoint does not require authentication as it’s used to obtain authentication tokens.

Request Body

username (string, required)
  The user’s username or email address for authentication.

password (string, required)
  The user’s password for authentication.

Response Fields

data (object, required)
  Authentication data object containing tokens and user information.

message (string, required)
  Human-readable message describing the result of the operation.

status (string, required)
  Operation status. Always “success” for successful login.

Error Responses

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid request parameters",
    "details": {
      "username": "Username is required",
      "password": "Password is required"
    }
  },
  "status": "error"
}
Causes:
  • Missing username or password
  • Invalid request format
{
  "error": {
    "code": "INVALID_CREDENTIALS",
    "message": "Invalid username or password",
    "details": "The provided credentials are incorrect"
  },
  "status": "error"
}
Causes:
  • Incorrect username or password
  • User account not found
  • Account is disabled
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "Too many login attempts",
    "details": "Rate limit of 5 login requests per minute exceeded"
  },
  "status": "error"
}
Solution: Wait for the rate limit window to reset before making another login attempt.

Usage Examples

// Minimal browser / Node 18+ example. It keeps tokens in localStorage for
// brevity; the Security Considerations below advise a more secure store for
// sensitive applications.
const login = async (username, password) => {
  try {
    const response = await fetch('https://api.weir.ai/auth/login', {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify({ username, password })
    });
    
    if (!response.ok) {
      // The error body (see Error Responses) carries error.code, e.g.
      // INVALID_CREDENTIALS or RATE_LIMIT_EXCEEDED, if you need to branch on it.
      throw new Error(`HTTP error! status: ${response.status}`);
    }
    
    const data = await response.json();
    
    // Store tokens (localStorage shown for brevity; see Security Considerations)
    localStorage.setItem('accessToken', data.data.accessToken);
    localStorage.setItem('refreshToken', data.data.refreshToken);
    
    return data;
  } catch (error) {
    console.error('Login error:', error);
    throw error;
  }
};

// Usage (top-level await requires an ES module or an async function)
const loginData = await login('[email protected]', 'securePassword123');
console.log('User:', loginData.data.user);

Rate Limits

  • Rate Limit: 5 requests per minute per IP address
  • Burst Limit: 10 requests per 5-minute window

Security Considerations

Important: Never store passwords in plain text or expose them in client-side code. Always use secure password transmission and storage mechanisms.
  • Use strong passwords with minimum complexity requirements
  • Implement password hashing on the server side
  • Never log or expose passwords in error messages
  • Use HTTPS for all login requests
  • Store access and refresh tokens securely
  • Implement automatic token refresh before expiration
  • Use secure storage mechanisms (not localStorage for sensitive apps)
  • Implement proper logout functionality to invalidate tokens
  • Implement rate limiting to prevent brute force attacks
  • Consider implementing account lockout after failed attempts
  • Monitor for suspicious login patterns
  • Use CAPTCHA for repeated failed attempts
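The last three bullets (rate limiting, lockout, monitoring for suspicious patterns) are server-side concerns, so here is an added example of defender-side detection, not code from the Weir AI docs: it slides a one-minute window over a login-attempt log per source IP and flags more than five failures (the page's own limit of 5 login requests per minute) as brute force, and three or more distinct target accounts from one IP as password spraying. The log line format, the sample log, the IP addresses, the SPRAY_DISTINCT_USERS threshold and the function names are assumptions of this example.

```javascript
// Added example, not part of the Weir AI docs: flag brute-force and
// password-spraying patterns in login-attempt logs, using the page's own
// rate-limit figure (5 login requests per minute per IP) as the threshold.
// The line format and SAMPLE_LOG are constructed; adapt parseLine() to the
// real audit log.
const WINDOW_MS = 60 * 1000;
const MAX_FAILURES_PER_IP = 5;   // documented: 5 requests per minute per IP
const SPRAY_DISTINCT_USERS = 3;  // assumption: 3+ distinct accounts from one IP in a window
const FAILURE_RESULTS = new Set(['INVALID_CREDENTIALS']);

// Constructed sample: one IP hammering a single account, one IP trying several
// accounts, and a legitimate user with a single typo followed by success.
const SAMPLE_LOG = `
2024-05-01T10:00:01Z ip=203.0.113.5 user=jane.doe result=INVALID_CREDENTIALS
2024-05-01T10:00:05Z ip=203.0.113.5 user=jane.doe result=INVALID_CREDENTIALS
2024-05-01T10:00:12Z ip=203.0.113.5 user=jane.doe result=INVALID_CREDENTIALS
2024-05-01T10:00:20Z ip=203.0.113.5 user=jane.doe result=INVALID_CREDENTIALS
2024-05-01T10:00:31Z ip=203.0.113.5 user=jane.doe result=INVALID_CREDENTIALS
2024-05-01T10:00:40Z ip=203.0.113.5 user=jane.doe result=INVALID_CREDENTIALS
2024-05-01T10:01:00Z ip=198.51.100.7 user=alice result=INVALID_CREDENTIALS
2024-05-01T10:01:10Z ip=198.51.100.7 user=bob result=INVALID_CREDENTIALS
2024-05-01T10:01:20Z ip=198.51.100.7 user=carol result=INVALID_CREDENTIALS
2024-05-01T10:02:00Z ip=192.0.2.9 user=dave result=INVALID_CREDENTIALS
2024-05-01T10:02:10Z ip=192.0.2.9 user=dave result=SUCCESS
`;

// "<iso-time> ip=<addr> user=<name> result=<code>" -> event object, or null
function parseLine(line) {
  const m = /^(\S+) ip=(\S+) user=(\S+) result=(\S+)$/.exec(line.trim());
  if (!m) return null;
  const t = Date.parse(m[1]);
  if (Number.isNaN(t)) return null;
  return { ts: m[1], t, ip: m[2], user: m[3], result: m[4] };
}

// Returns one finding per (ip, pattern) the first time the threshold is crossed.
function analyzeLoginLog(text) {
  const events = text.split('\n').map(parseLine).filter(Boolean).sort((a, b) => a.t - b.t);
  const failuresByIp = new Map();
  for (const e of events) {
    if (!FAILURE_RESULTS.has(e.result)) continue;
    if (!failuresByIp.has(e.ip)) failuresByIp.set(e.ip, []);
    failuresByIp.get(e.ip).push(e);
  }
  const findings = [];
  for (const [ip, fails] of failuresByIp) {
    const flagged = new Set();
    for (const f of fails) {
      // sliding one-minute window ending at this failure
      const inWindow = fails.filter((g) => g.t > f.t - WINDOW_MS && g.t <= f.t);
      const users = new Set(inWindow.map((g) => g.user));
      if (inWindow.length > MAX_FAILURES_PER_IP && !flagged.has('brute_force')) {
        flagged.add('brute_force');
        findings.push({ ip, type: 'brute_force', failures: inWindow.length, at: f.ts });
      }
      if (users.size >= SPRAY_DISTINCT_USERS && !flagged.has('password_spray')) {
        flagged.add('password_spray');
        findings.push({ ip, type: 'password_spray', users: [...users], at: f.ts });
      }
    }
  }
  return findings;
}

console.log(analyzeLoginLog(SAMPLE_LOG));
```

Only INVALID_CREDENTIALS counts as a failure here; VALIDATION_ERROR responses are malformed requests rather than guesses, and counting them would let a broken client trip the lockout. The single typo from 192.0.2.9 produces no finding, which is the behaviour you want before escalating to account lockout or CAPTCHA.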

Best Practices

Secure Token Storage

Store tokens securely using appropriate storage mechanisms for your application type.

Implement Auto-Refresh

Implement automatic token refresh before expiration to ensure uninterrupted access.

Handle Errors Gracefully

Implement proper error handling for authentication failures and network issues.

Implement Logout

Provide logout functionality to properly invalidate tokens and clear user session.

Pro Tip: Implement a token manager class that handles login, token storage, automatic refresh, and logout to simplify your authentication flow.
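The token manager described above, written here as an added example rather than Weir AI's own SDK code: it parses the documented success and error envelopes, turns each error code into a retry decision (only RATE_LIMIT_EXCEEDED is worth waiting for; credential failures are never retried automatically), keeps tokens in memory instead of localStorage, reports when a refresh is due, and clears state on logout. fetch is injected so the constructed fake server at the bottom can stand in for api.weir.ai offline. The class and function names, the fake server's 400/401/429 status codes and the jane.doe@example.com address are assumptions of this example; the refresh endpoint is not documented on this page, so the manager only signals that a refresh is due and does not call one.

```javascript
// Added example, not Weir AI's own client: an in-memory token manager for the
// documented /auth/login success and error envelopes. fetch is injected so the code
// runs offline against the constructed fake server below (pass the global fetch in a
// browser or Node 18+). All names here and the fake server's 400/401/429 statuses are
// assumptions of this example, not from the docs.
const BASE_URL = 'https://api.weir.ai';
const REFRESH_MARGIN_MS = 60 * 1000;    // refresh one minute before expiresIn runs out
const RATE_LIMIT_WINDOW_MS = 60 * 1000; // documented: 5 login requests per minute

class AuthError extends Error {
  constructor(code, message, details, httpStatus) {
    super(message);
    this.code = code;           // error.code from the documented envelope
    this.details = details;
    this.httpStatus = httpStatus;
  }
}
// Only the rate limit justifies waiting and retrying; credential and validation
// failures must never be retried automatically.
function retryAfterMs(err) {
  return err.code === 'RATE_LIMIT_EXCEEDED' ? RATE_LIMIT_WINDOW_MS : null;
}

class WeirAuthClient {
  constructor({ fetchImpl, baseUrl = BASE_URL, now = () => Date.now() }) {
    this.fetchImpl = fetchImpl;
    this.baseUrl = baseUrl;
    this.now = now;
    this.accessToken = null;    // held in memory only, never written to localStorage
    this.refreshToken = null;
    this.expiresAt = 0;
    this.user = null;
  }

  async login(username, password) {
    const doFetch = this.fetchImpl; // call unbound: the global fetch rejects a foreign `this`
    const res = await doFetch(`${this.baseUrl}/auth/login`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password }),
    });
    const body = await res.json();
    if (body.status !== 'success') {
      const e = body.error || {};
      throw new AuthError(e.code || 'UNKNOWN', e.message || 'Login failed', e.details, res.status);
    }
    this._store(body.data);
    return body.data.user;
  }

  _store(data) {
    this.accessToken = data.accessToken;
    this.refreshToken = data.refreshToken;
    this.expiresAt = this.now() + data.expiresIn * 1000;
    if (data.user) this.user = data.user;
  }
  // True when a refresh is due. The refresh endpoint is not documented on this
  // page, so the manager only signals; it does not call it.
  needsRefresh() {
    return this.accessToken === null || this.now() >= this.expiresAt - REFRESH_MARGIN_MS;
  }
  logout() { this.accessToken = this.refreshToken = this.user = null; this.expiresAt = 0; }
}

// Constructed stand-in for the API: returns the documented bodies and enforces the
// documented five-attempt limit with a plain call counter.
const SAMPLE_OK = { data: { accessToken: 'eyJ.constructed.token', refreshToken: 'refresh_token_123456789',
  expiresIn: 3600, user: { id: 'user_123456789', fullname: 'Jane Doe', email: 'jane.doe@example.com',
  role: 'Organization_Admin' } }, message: 'Login successful', status: 'success' };
function makeFakeFetch() {
  let attempts = 0;
  const reply = (status, body) => Promise.resolve({ ok: status < 400, status, json: async () => body });
  const fail = (code, message, details) => ({ error: { code, message, details }, status: 'error' });
  return (url, init) => {
    attempts += 1;
    const { username, password } = JSON.parse(init.body);
    if (attempts > 5) return reply(429, fail('RATE_LIMIT_EXCEEDED', 'Too many login attempts', 'Rate limit of 5 login requests per minute exceeded'));
    if (!username || !password) return reply(400, fail('VALIDATION_ERROR', 'Invalid request parameters', { username: 'Username is required', password: 'Password is required' }));
    if (password !== 'securePassword123') return reply(401, fail('INVALID_CREDENTIALS', 'Invalid username or password', 'The provided credentials are incorrect'));
    return reply(200, SAMPLE_OK);
  };
}

async function demo() {
  const client = new WeirAuthClient({ fetchImpl: makeFakeFetch() });
  const out = {};
  out.user = await client.login('jane.doe@example.com', 'securePassword123');                        // attempt 1
  out.needsRefreshNow = client.needsRefresh();
  try { await client.login('jane.doe@example.com', 'wrong'); } catch (e) { out.badPassword = e.code; } // attempt 2
  try { await client.login('', ''); } catch (e) { out.validation = e.code; }                           // attempt 3
  let last = null;
  for (let i = 0; i < 3; i++) {                                                                         // attempts 4-6
    try { await client.login('jane.doe@example.com', 'wrong'); } catch (e) { last = e; }
  }
  out.rateLimited = last.code;
  out.retryAfterMs = retryAfterMs(last);
  client.logout();
  out.loggedOut = client.accessToken === null && client.needsRefresh();
  return out;
}
demo().then((r) => console.log(r));
```

The `now` hook exists so that refresh timing can be tested without waiting an hour: inject a fake clock, store a 3600-second token, and `needsRefresh()` flips to true exactly at the one-minute margin before expiry.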