Skip to main content
POST
/
api
/
auth
/
login
Login
curl --request POST \
  --url https://api.example.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'
{
  "success": true,
  "data": {
    "token": "<string>",
    "user": {
      "id": "<string>",
      "email": "<string>",
      "display_name": {},
      "role": "<string>",
      "created_at": "<string>"
    }
  },
  "error": {
    "code": 123,
    "message": "<string>"
  }
}

Description

Authenticates a user using email and password credentials. On successful authentication, returns a session token valid for 7 days. The session token is also set as an HTTP-only cookie.

Request Body

email
string
required
User’s email address. Must be a valid email format.
password
string
required
User’s password. Cannot be empty.

Response

success
boolean
Indicates whether the request was successful.
data
object

Example Request

curl -X POST https://api.heimdall.example/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "securepassword123"
  }'

Example Response

{
  "success": true,
  "data": {
    "token": "7a3f9c2e1b5d8a4c6e9f2b3a7c1d5e8f9a2b4c6d8e1f3a5b7c9d2e4f6a8b1c3d5e7f9",
    "user": {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "email": "[email protected]",
      "display_name": "John Doe",
      "role": "user",
      "created_at": "2026-03-12T10:30:00Z"
    }
  }
}

Error Responses

error
object

Validation Error (400)

{
  "success": false,
  "error": {
    "code": 400,
    "message": "Validation failed: password: Password is required"
  }
}

Invalid Credentials (401)

{
  "success": false,
  "error": {
    "code": 401,
    "message": "Invalid email or password"
  }
}

Internal Server Error (500)

{
  "success": false,
  "error": {
    "code": 500,
    "message": "Internal server error"
  }
}

Build docs developers (and LLMs) love

Get started for freeTalk to us