Console APIs - Authentication
User Login
Authenticate users with username and password to get access and refresh tokens
POST
User Login
Authenticate users with their username and password to receive access and refresh tokens for Console API access.Authentication
This endpoint does not require authentication as it’s used to obtain authentication tokens.Request Body
The user’s username or email address for authentication.
The user’s password for authentication.
Response Fields
Authentication data object containing tokens and user information.
Human-readable message describing the result of the operation.
Operation status. Always “success” for successful login.
Error Responses
400 Bad Request
400 Bad Request
- Missing username or password
- Invalid request format
401 Unauthorized
401 Unauthorized
429 Too Many Requests
429 Too Many Requests
Usage Examples
Rate Limits
- Rate Limit: 5 requests per minute per IP address
- Burst Limit: 10 requests per 5-minute window
Security Considerations
Password Security
Password Security
- Use strong passwords with minimum complexity requirements
- Implement password hashing on the server side
- Never log or expose passwords in error messages
- Use HTTPS for all login requests
Token Security
Token Security
- Store access and refresh tokens securely
- Implement automatic token refresh before expiration
- Use secure storage mechanisms (not localStorage for sensitive apps)
- Implement proper logout functionality to invalidate tokens
Rate Limiting
Rate Limiting
- Implement rate limiting to prevent brute force attacks
- Consider implementing account lockout after failed attempts
- Monitor for suspicious login patterns
- Use CAPTCHA for repeated failed attempts
Best Practices
Secure Token Storage
Store tokens securely using appropriate storage mechanisms for your application type.
Implement Auto-Refresh
Implement automatic token refresh before expiration to ensure uninterrupted access.
Handle Errors Gracefully
Implement proper error handling for authentication failures and network issues.