Overview
The Login API provides a mechanism for users to authenticate against the system and receive tokens for accessing protected resources. This document outlines the API request and response formats for the login operation.
Endpoint
POST /Login
Domain
Check with your account representative
Request
The request body, referred to as loginRequest, must be a JSON object containing the credentials of the user attempting to log in.
Request Body Parameters
UserName (string): The username or ClientID of the user attempting to log in.
TenantName (string): The name of the tenant that the user belongs to.
Password (string): The password or Secret of the user.
Note: Even when authenticating with a ClientID and Secret, use "UserName" and "Password" as the keys in the payload.
Example Request
{
"UserName": "string",
"TenantName": "string",
"Password": "string"
}
Response
The response body contains the Cognito tokens required for authentication and authorization in subsequent API requests.
Response Body Parameters
cognitoToken (object): An object containing the tokens and related information.
ChallengeParameters (object): An object containing challenge parameters (if any). This is typically empty ({}) but included for completeness.
AuthenticationResult (object): An object containing the authentication result.
IdToken (string): The JWT token that serves as the identity token.
TokenType (string): The type of token provided.
ExpiresIn (integer): The expiration time of the token in seconds.
RefreshToken (string): The token used to refresh the authentication when the current token expires.
AccessToken (string): The token used to access API resources.
Example Response
{
"cognitoToken": {
"ChallengeParameters": {},
"AuthenticationResult": {
"IdToken": "string",
"TokenType": "string",
"ExpiresIn": 0,
"RefreshToken": "string",
"AccessToken": "string"
}
}
}
Security Considerations
The Login API should be accessed over HTTPS to ensure the confidentiality and integrity of the transmitted credentials.
Passwords should be stored securely and never logged or written to any insecure location.
Tokens should be securely stored on the client side and transmitted using the Authorization header in API requests requiring authentication.
Error Handling
In case of an error (e.g., incorrect username or password), the API will return an appropriate HTTP status code (e.g., 401 Unauthorized) along with a JSON object describing the error.
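The following is an added example client for the Login API as documented above (request body, response parsing, Authorization header and 401 handling). It is not the vendor's code. It assumes a placeholder base URL (the real domain comes from your account representative), that a successful login returns HTTP 200 with the documented JSON, and that the TokenType value is usable as the Authorization scheme; the sample response and error body embedded at the bottom are constructed for offline use and contain no real tokens.

```python
"""Added example client for the Login API (not the vendor's code)."""
import json
import time
import urllib.error
import urllib.request
from dataclasses import dataclass

# ASSUMPTION: placeholder; replace with the domain given by your account representative.
BASE_URL = "https://example.invalid"


class LoginError(Exception):
    """Raised when the Login API returns an error status (e.g. 401 Unauthorized)."""

    def __init__(self, status, detail):
        super().__init__(f"login failed with HTTP {status}")
        self.status = status
        self.detail = detail  # parsed JSON error object, or raw body if not JSON


@dataclass
class TokenSet:
    access_token: str
    id_token: str
    refresh_token: str
    token_type: str
    expires_at: float  # epoch seconds, computed from ExpiresIn when received

    def is_expired(self, now=None, skew=30):
        """True when the access token should be refreshed (30 s clock-skew margin)."""
        now = time.time() if now is None else now
        return now >= self.expires_at - skew

    def authorization_header(self):
        """Header to attach to API requests that require authentication."""
        return {"Authorization": f"{self.token_type} {self.access_token}"}

    def __repr__(self):
        # Keep token material out of logs and tracebacks that print this object.
        return f"TokenSet(token_type={self.token_type!r}, expires_at={self.expires_at})"


def build_login_request(user_name, tenant_name, password):
    # Keys are always UserName/TenantName/Password, also for ClientID/Secret logins.
    return {"UserName": user_name, "TenantName": tenant_name, "Password": password}


def parse_login_response(status, body, received_at=None):
    """Turn an HTTP status and response body into a TokenSet, or raise LoginError."""
    if status != 200:
        try:
            detail = json.loads(body)
        except ValueError:
            detail = body
        raise LoginError(status, detail)
    result = json.loads(body)["cognitoToken"]["AuthenticationResult"]
    received_at = time.time() if received_at is None else received_at
    return TokenSet(
        access_token=result["AccessToken"],
        id_token=result["IdToken"],
        refresh_token=result["RefreshToken"],
        token_type=result["TokenType"],
        expires_at=received_at + int(result["ExpiresIn"]),
    )


def login(user_name, tenant_name, password, base_url=BASE_URL):
    """POST /Login over HTTPS; the password is sent in the body and never logged."""
    if not base_url.startswith("https://"):
        raise ValueError("the Login API must be called over HTTPS")
    data = json.dumps(build_login_request(user_name, tenant_name, password)).encode()
    req = urllib.request.Request(
        base_url + "/Login", data=data, method="POST",
        headers={"Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_login_response(resp.status, resp.read().decode())
    except urllib.error.HTTPError as err:
        return parse_login_response(err.code, err.read().decode())


# Constructed sample bodies shaped like the documented example (not real tokens).
SAMPLE_OK = json.dumps({"cognitoToken": {"ChallengeParameters": {}, "AuthenticationResult": {
    "IdToken": "id.example", "TokenType": "Bearer", "ExpiresIn": 3600,
    "RefreshToken": "refresh.example", "AccessToken": "access.example"}}})
SAMPLE_401 = json.dumps({"message": "Incorrect username or password."})  # constructed

if __name__ == "__main__":
    tokens = parse_login_response(200, SAMPLE_OK, received_at=1_000_000)
    print(tokens, tokens.authorization_header())
    try:
        parse_login_response(401, SAMPLE_401)
    except LoginError as err:
        print("expected failure:", err, err.detail)
```

The transport and the parsing are separated so the response handling can be exercised without network access; `__repr__` is overridden so that logging a `TokenSet` does not write the tokens anywhere, in line with the security considerations above.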