User login

POST

/auth/login

Authenticates using email and password. If the user belongs to a single tenant, returns a JWT immediately. If the user has multiple tenants, returns the tenant list (no token). Provide tenant_id to select a specific tenant.

Request Body ^required

Request to authenticate (login).

object

email

required

User email address.

string

password

required

User password.

string

tenant_id

Optional tenant_id to select when user has multiple memberships.

string | null format: uuid

Example

{
  "email": "[email protected]",
  "password": "s3cur3-p4ssw0rd"
}

Responses

200

Login response

Login response - either a token (single/selected tenant) or a tenant list.

object

access_token

The JWT access token (null if tenant selection required).

string | null

expires_in

Token lifetime in seconds (when access_token is present).

integer | null format: int64

tenants

required

List of tenants the user belongs to.

Array<object>

Summary of a tenant the user belongs to.

object

role

required

string

short_name

required

string

tenant_id

required

string format: uuid

Example

{
  "role": "admin",
  "short_name": "acme-corp",
  "tenant_id": "7c3e9f01-d47a-4e2b-b60a-8f9a3c5d7e12"
}

token_type

Token type (always “Bearer” when access_token is present).

string | null

Example

{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "tenants": [
    {
      "role": "admin",
      "short_name": "acme-corp",
      "tenant_id": "7c3e9f01-d47a-4e2b-b60a-8f9a3c5d7e12"
    }
  ],
  "token_type": "Bearer"
}

401

Invalid credentials

Unified error response body for all endpoints.

object

code

Optional machine-readable error code.

string | null

error

required

Human-readable error message.

string

500

Server error

Unified error response body for all endpoints.

object

code

Optional machine-readable error code.

string | null

error

required

Human-readable error message.

string