POST /auth/login — Sign in with email or username/password

Call POST /auth/login to authenticate an existing user and receive a JWT access token and refresh token. You can identify the user by either their email address or their username — provide one or the other along with their password. The returned tokens work identically to those issued by POST /auth/guest.

Endpoint

Field	Value
Method	`POST`
Path	`/auth/login`
Auth required	No
Rate limit	5 per minute

Request body

Provide either email or username together with password. You do not need to supply both email and username.

string

The user’s email address. Required if username is not provided.

username

string

The user’s username. Required if email is not provided.

password

string

required

The user’s password.

Response fields

Status: 200 OK

access_token

string

required

JWT access token. Include this in the Authorization: Bearer <token> header on subsequent requests.

expires_in

integer

required

Number of seconds until the access token expires.

refresh_token

string

required

Token used to obtain a new access token when the current one expires. See POST /auth/refresh.

Example

cURL

curl --request POST \
  --url https://api.drssed.com/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "[email protected]",
    "password": "s3cr3tpassword"
  }'

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "refresh_token": "drt_a1b2c3d4e5f6..."
}

Documentation Index

​Endpoint

​Request body

​Response fields

​Example

Endpoint

Request body

Response fields

Example