Description

Exchange a username and password for a session token. The returned token.id is the bearer string used to authenticate subsequent Portal API requests.

This endpoint does not require authentication.

Request Body

The request body should be JSON-encoded.

• username: The user’s username.
• password: The user’s password.

Response Schema

On success, the endpoint returns the new session token and the authenticated user record.

• token.id: The bearer token string. Send this in the Authorization header on subsequent requests.
• token.userId: The ID of the user the token was issued to.
• user.userId: The user’s unique identifier.
• user.username: The user’s login username.
• user.isAdmin: true if the user has administrator privileges on this OEM instance, otherwise false. Administrators have elevated privileges and have access to management endpoints under Users & Team.
• user.isAccountOwner: true if the user is the owner of the account, otherwise false.
• user.account.id: The ID of the account the user belongs to.
• user.account.name: The display name of the account.

Error Responses

• 400 Bad Request: The request body is missing fields or is not valid JSON.
• 401 Unauthorized: The username does not exist, or the password is incorrect.

Example Request
POST https://<your-host>:9909/api/portal/v1/auth/login
Content-Type: application/json

{
    "username": "admin",
    "password": "admin"
}

Example Response
Status Code: 200 OK
Response Body:
{
    "token": {
        "id": "f3a1c0d4e5b6a7c8d9e0f1a2b3c4d5e6",
        "userId": 1
    },
    "user": {
        "userId": 1,
        "username": "admin",
        "isAdmin": true,
        "isAccountOwner": false,
        "account": {
            "id": 1,
            "name": "Default"
        }
    }
}