The login endpoint verifies a user’s identity within a specific tenant and issues a new JWT token pair on success. Because La Oficina Nítida is multi-tenant, a user is identified by the combination of their email address and their organization’s NIT — not by email alone. This allows the same email to exist in different organizations without conflict. Every successful login updates the user’s lastLoginAt timestamp and writes a LOGIN audit event containing the caller’s IP address and user-agent string.
Endpoint
200 OK on success.
Request body
The Colombian NIT of the organization the user belongs to, without the check digit. Used to look up the correct tenant before verifying the user’s credentials.
The user’s email address. Compared against the tenant-scoped user record (case-insensitive).
The user’s plain-text password. Compared against the stored bcrypt hash. Never logged or persisted.
Response
A 200 OK response with the following shape:
Signed JWT valid for 15 minutes. Include as Authorization: Bearer {accessToken} on every protected request. Store in memory only — do not write to localStorage or sessionStorage.
Opaque base64 string (base64(tokenId:secret)) valid for 7 days. Use with POST /auth/refresh to obtain a new token pair. Store in an httpOnly cookie when possible.
Example request
Example response
Login audit
Every successful login is recorded in the AuditLog table with:
- action: "LOGIN"
- entityType: "Auth"
- tenantId and userId of the authenticated user
- metadata: { "ip": "...", "userAgent": "..." } capturing the caller’s IP address and browser/client string
Error cases
| Status | Cause |
|---|---|
| 401 Unauthorized | The tenantNit does not match any tenant; the email does not exist within that tenant; the password is incorrect; or the user account is inactive. All credential errors return the same generic message to prevent user enumeration. |
| 400 Bad Request | The tenant exists but its activo flag is false — the organization has been deactivated. |
| 429 Too Many Requests | More than 5 login requests per minute from the same IP address. |
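
The 401 and 400 rows of the error table, sketched as decision logic in an added example that is not La Oficina Nítida's own code. Assumptions: Node's built-in scrypt stands in for bcrypt, and the tenant data, message strings, order of checks and dummy-hash verification for unknown accounts are constructed for illustration.

```javascript
const crypto = require('crypto');

// scrypt (Node standard library) stands in for bcrypt so the example has no dependencies.
const hashPassword = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const verifyPassword = (pw, rec) =>
  crypto.timingSafeEqual(hashPassword(pw, rec.salt), rec.hash);

const makeRecord = (pw) => {
  const salt = crypto.randomBytes(16);
  return { salt, hash: hashPassword(pw, salt) };
};

// Verified against when no user matches, so a miss costs the same work as a hit.
const DUMMY = makeRecord(crypto.randomBytes(16).toString('hex'));

// Constructed sample data: NIT -> tenant, lower-cased email -> user.
const tenants = new Map([
  ['900123456', { activo: true, users: new Map([
    ['ana@example.com', { active: true, ...makeRecord('correct horse') }],
    ['luis@example.com', { active: false, ...makeRecord('s3cret-pass') }],
  ]) }],
  ['800999888', { activo: false, users: new Map() }],
]);

// One shared object: every credential failure yields the identical response.
const UNAUTHORIZED = { status: 401, message: 'Invalid credentials' };

function login({ tenantNit, email, password }) {
  const tenant = tenants.get(String(tenantNit));
  // Deactivated organization: the one case the error table maps to 400.
  if (tenant && !tenant.activo) {
    return { status: 400, message: 'Organization deactivated' };
  }
  // Email lookup is tenant-scoped and case-insensitive.
  const key = String(email).trim().toLowerCase();
  const user = tenant ? tenant.users.get(key) : undefined;
  // Always run one hash verification, even for an unknown tenant or email.
  const passwordOk = verifyPassword(String(password), user || DUMMY);
  // Unknown tenant, unknown email, wrong password, inactive user: same 401.
  if (!user || !passwordOk || !user.active) return UNAUTHORIZED;
  return { status: 200 };
}
```

Comparing the returned objects for the four 401 causes is a quick regression check that no branch leaks which part of the credential triple was wrong.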