Skip to main content
Login API Documentation
Updated over 3 months ago

Overview

The Login API provides a mechanism for users to authenticate against the system and receive tokens for accessing protected resources. This document outlines the API request and response formats for the login operation.

Endpoint

POST /Login

Domain

Check with your account representative

Request

The request body, referred to as loginRequest, must be a JSON object containing the credentials of the user attempting to log in.

Request Body Parameters

  • UserName (string): The username or ClientID of the user attempting to log in.

  • TenantName (string): The name of the tenant that the user belongs to.

  • Password (string): The password or Secret of the user.

Note - Even when using "ClientID", "Secret" use "UserName" and "Password" as key in the payload

Example Request

{
"UserName": "string",
"TenantName": "string",
"Password": "string"
}

Response

The response body contains the cognito tokens required for authentication and authorization in subsequent API requests.

Response Body Parameters

  • cognitoToken (object): An object containing the tokens and related information.

    • ChallengeParameters (object): An object containing challenge parameters (if any). This is typically empty ({}) but included for completeness.

    • AuthenticationResult (object): An object containing the authentication result.

      • IdToken (string): The JWT token that serves as the identity token.

      • TokenType (string): The type of token provided.

      • ExpiresIn (integer): The expiration time of the token in seconds.

      • RefreshToken (string): The token used to refresh the authentication when the current token expires.

      • AccessToken (string): The token used to access API resources.

Example Response

{
"cognitoToken": {
"ChallengeParameters": {},
"AuthenticationResult": {
"IdToken": "string",
"TokenType": "string",
"ExpiresIn": 0,
"RefreshToken": "string",
"AccessToken": "string"
}
}
}

Security Considerations

  • The Login API should be accessed over HTTPS to ensure the confidentiality and integrity of the transmitted credentials.

  • Passwords should be stored securely and never logged or written to any insecure location.

  • Tokens should be securely stored on the client side and transmitted using the Authorization header in API requests requiring authentication.

Error Handling

In case of an error (e.g., incorrect username or password), the API will return an appropriate HTTP status code (e.g., 401 Unauthorized) along with a JSON object describing the error.

Did this answer your question?