This is a public endpoint. No authentication is required to call it.

Request

POST /api/auth/login

Body parameters

email (string, required): The user's email address.
password (string, required): The user's password.

Response

access_token (string, required): JWT Bearer token. Include this in the Authorization header of subsequent requests.
token_type (string, required): Token scheme. Always "bearer".
user (object, required): The authenticated user's profile.

Using the token

After a successful login, include the access_token in the Authorization header of every request that requires authentication:
Authorization: Bearer <access_token>
Tokens expire after 120 minutes by default. You can change this by setting the ACCESS_TOKEN_EXPIRE_MINUTES environment variable on the server.

Error responses

Status | Description
401 Unauthorized | The email or password is incorrect. Response body: {"detail": "Credenciales inválidas"}.
403 Forbidden | The account exists but has been deactivated. Response body: {"detail": "Usuario desactivado"}.
422 Unprocessable Entity | The request body failed validation (e.g. missing field or invalid email format).

Example request

curl --request POST \
  --url https://your-domain.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "[email protected]",
    "password": "secret123"
  }'

Example response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfMDEiLCJleHAiOjE3MTE5OTk5OTl9.abc123",
  "token_type": "bearer",
  "user": {
    "id": "usr_01",
    "email": "[email protected]",
    "nombre": "Ana García",
    "rol": "MESA",
    "area": null
  }
}
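
A client-side handler for the responses documented above, as an added example that is not part of the original documentation or the project's code: it maps the documented error statuses, builds the Authorization header, and reads the token's exp claim to decide when to log in again. The function names and reason strings are hypothetical, and the 200 success status is an assumption the page does not state.

```python
import base64
import json

# Statuses documented on this page; the reason strings are hypothetical labels.
ERROR_REASONS = {401: "invalid_credentials", 403: "account_deactivated", 422: "validation_failed"}

class LoginFailed(Exception):
    def __init__(self, status, reason):
        super().__init__(f"login failed: {status} {reason}")
        self.status, self.reason = status, reason

def unverified_claims(token):
    """Decode the payload without checking the signature: fine for scheduling a
    re-login, never for an authorization decision (only the server can verify)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def parse_login(status, body):
    """Turn a login response into a session dict, or raise LoginFailed."""
    if status != 200:  # assumption: success is 200; the page does not state it
        raise LoginFailed(status, ERROR_REASONS.get(status, "unexpected_status"))
    data = json.loads(body)
    if data["token_type"].lower() != "bearer":
        raise LoginFailed(status, "unexpected_token_type")
    claims = unverified_claims(data["access_token"])
    return {
        "authorization": "Bearer " + data["access_token"],  # keep out of logs
        "expires_at": claims["exp"],  # Unix seconds, as in the sample token
        "user_id": data["user"]["id"],
    }

def needs_relogin(session, now, skew=60):
    """True once the token is within `skew` seconds of its exp claim."""
    return now >= session["expires_at"] - skew

# Constructed input: the sample response from this page, trimmed to the fields used.
SAMPLE_BODY = json.dumps({
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c3JfMDEiLCJleHAiOjE3MTE5OTk5OTl9.abc123",
    "token_type": "bearer",
    "user": {"id": "usr_01"},
})

if __name__ == "__main__":
    session = parse_login(200, SAMPLE_BODY)
    print(session["user_id"], session["expires_at"])
```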
