Documentation Index Fetch the complete documentation index at: https://mintlify.com/ti-infinite/GSMApplication/llms.txt
Use this file to discover all available pages before exploring further.
The login endpoint authenticates a user within a specific company tenant. On success the server returns a signed JWT alongside an expiry timestamp, and simultaneously writes the same token into a gsm_token HttpOnly, SameSite=Strict cookie so browser-based clients never need to handle the raw token themselves. All calls must be routed through the GSM Gateway; the gateway strips the /api/security prefix and forwards the request to the internal Auth microservice.
Credentials are transmitted as plain JSON in the request body. Always terminate connections with TLS (HTTPS) in production. Sending a password over an unencrypted connection exposes it to network interception. Never call this endpoint from a non-HTTPS origin.
Endpoint POST /api/security/v1/auth/login
Authentication: None — this endpoint is publicly accessible ([AllowAnonymous]).Content-Type: application/jsonRequest Body The unique identifier of the company (tenant) the user belongs to. Must be a non-empty string. This value selects the correct tenant database before credential verification begins.
The username of the account attempting to log in. Minimum length: 1 character.
The account password in plain text. Minimum length: 1 character. Transmit only over HTTPS.
Response All responses share the ApiResponse<T> envelope:
true when authentication succeeded; false on any error.
A human-readable status message (e.g., "Login successful.", "Invalid credentials.").
Present only when success is true. The signed JWT. This is the same value written into the gsm_token cookie. Include it as Authorization: Bearer <token> for server-to-server calls.
expiresAtUtc
string (ISO 8601 datetime)
UTC timestamp indicating when the token expires. Example: "2025-06-01T12:00:00Z".
Authenticated user details. Show AuthenticatedUserDto
Unique identifier of the authenticated user.
Display name of the user.
User’s email address, if configured.
Numeric identifier of the user’s permission profile.
When true, the user must change their password before accessing protected resources.
Optional location tag associated with the user account.
Optional department tag associated with the user account.
Populated only when success is false. One of: Validation, Unauthorized, NotFound, BadRequest, Conflict, Internal, Forbidden.
An optional correlation identifier for distributed tracing. Useful when reporting issues to support.
Optional extended error detail returned in non-production environments.
Cookie set on success Name Attributes gsm_tokenHttpOnly, SameSite=Strict, Path=/, expires at ExpiresAtUtc
The browser will automatically attach this cookie to every subsequent same-origin request. You do not need to read or forward it manually from client-side JavaScript.
HTTP Status Codes Status errorTypeScenario 200 OK— Authentication succeeded. Token and user data returned. 400 Bad RequestValidationOne or more required fields are missing or empty. 401 UnauthorizedUnauthorizedCredentials were provided but are incorrect; user may also be inactive. 404 Not FoundNotFoundThe specified idCompany does not exist, or the user was not found in that tenant. 500 Internal Server ErrorInternalAn unexpected server-side error occurred.
Examples cURL curl --request POST \ --url https://your-gateway-host/api/security/v1/auth/login \ --header 'Content-Type: application/json' \ --data '{ "idCompany": "GSM001", "user": "admin", "password": "Admin123*" }'
TypeScript (fetch) interface AuthenticatedUserDto { idUser : string ; username : string ; fullName : string ; email : string | null ; idProfile : number ; passwordChangeRequired : boolean ; location : string | null ; department : string | null ; } interface LoginDto { token : string ; expiresAtUtc : string ; user : AuthenticatedUserDto ; } interface ApiResponse < T > { success : boolean ; message : string ; data : T | null ; errorType : string | null ; traceId : string | null ; details : string | null ; } async function login ( idCompany : string , user : string , password : string ) : Promise < ApiResponse < LoginDto >> { const response = await fetch ( "/api/security/v1/auth/login" , { method: "POST" , credentials: "include" , // ensures the gsm_token cookie is stored and sent headers: { "Content-Type" : "application/json" , }, body: JSON . stringify ({ idCompany: idCompany , user: user , password: password }), }); const result : ApiResponse < LoginDto > = await response . json (); if ( ! result . success ) { // result.errorType is e.g. "Unauthorized", "NotFound", "Validation" throw new Error ( `Login failed [ ${ result . errorType } ]: ${ result . message } ` ); } // The gsm_token cookie has been set automatically by the server. // For server-to-server calls you can also read result.data.token directly. if ( result . data ?. user . passwordChangeRequired ) { console . warn ( "User must change their password before proceeding." ); } return result ; }
Success response example { "success" : true , "message" : "Login successful." , "data" : { "token" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." , "expiresAtUtc" : "2025-06-01T12:00:00Z" , "user" : { "idUser" : "3fa85f64-5717-4562-b3fc-2c963f66afa6" , "username" : "admin" , "fullName" : "System Administrator" , "email" : "admin@company.com" , "idProfile" : 1 , "passwordChangeRequired" : false , "location" : null , "department" : "IT" } }, "errorType" : null , "traceId" : null , "details" : null }
Invalid credentials response example { "success" : false , "message" : "Invalid credentials." , "data" : null , "errorType" : "Unauthorized" , "traceId" : null , "details" : null }