Login API Documentation

Overview

The Login API provides a mechanism for users to authenticate against the system and receive tokens for accessing protected resources. This document outlines the API request and response formats for the login operation.

Endpoint

POST /Login

Request

The request body, referred to as loginRequest, must be a JSON object containing the credentials of the user attempting to log in.

Request Body Parameters

  • UserName (string): The username of the user attempting to log in.

  • TenantName (string): The name of the tenant that the user belongs to.

  • Password (string): The password of the user.

Example Request

{
  "UserName": "string",
  "TenantName": "string",
  "Password": "string"
}

Response

The response body contains the Amazon Cognito tokens required for authentication and authorization in subsequent API requests.

Response Body Parameters

  • cognitoToken (object): An object containing the tokens and related information.

    • ChallengeParameters (object): An object containing challenge parameters (if any). This is typically empty ({}) but included for completeness.

    • AuthenticationResult (object): An object containing the authentication result.

      • IdToken (string): The JWT that serves as the identity token.

      • TokenType (string): The type of token provided.

      • ExpiresIn (integer): The number of seconds until the token expires.

      • RefreshToken (string): The token used to refresh the authentication when the current token expires.

      • AccessToken (string): The token used to access API resources.

Example Response

{
  "cognitoToken": {
    "ChallengeParameters": {},
    "AuthenticationResult": {
      "IdToken": "string",
      "TokenType": "string",
      "ExpiresIn": 0,
      "RefreshToken": "string",
      "AccessToken": "string"
    }
  }
}

Security Considerations

  • The Login API must be accessed over HTTPS only, to protect the confidentiality and integrity of the transmitted credentials.

  • Passwords should be stored securely and never logged or written to any insecure location.

  • Tokens should be securely stored on the client side and transmitted using the Authorization header in API requests requiring authentication.

Error Handling

In case of an error (e.g., incorrect username or password), the API will return an appropriate HTTP status code (e.g., 401 Unauthorized) along with a JSON object describing the error.
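The following client shows the whole flow described above: building the loginRequest body, parsing the cognitoToken response into a session, attaching the AccessToken to the Authorization header, tracking ExpiresIn so a stale token is refreshed before use, redacting the password from anything that might be logged, and turning a 401 into an exception. It is an added example, not code from the original page or from the API's own SDK. It assumes a Bearer scheme for the Authorization header and a constructed error body of the form {"message": "..."}, neither of which the page specifies; the fake_transport function stands in for a real HTTPS client and the token values it returns are constructed sample data.

```python
import json
import time
from dataclasses import dataclass
from typing import Callable, Tuple

LOGIN_PATH = "/Login"  # endpoint documented on the page


class LoginError(Exception):
    """Raised when the Login API answers with a non-success status (e.g. 401)."""

    def __init__(self, status: int, body: dict):
        super().__init__(f"login failed with HTTP {status}")
        self.status = status
        self.body = body


@dataclass
class Session:
    id_token: str
    access_token: str
    refresh_token: str
    token_type: str
    expires_at: float  # Unix time at which the access token expires


def build_login_request(user_name: str, tenant_name: str, password: str) -> str:
    """Serialise the loginRequest body with the three documented fields."""
    return json.dumps({"UserName": user_name, "TenantName": tenant_name, "Password": password})


def redact_for_log(request_json: str) -> dict:
    """Copy of the request body safe for logging: the password is never written out."""
    body = json.loads(request_json)
    body["Password"] = "***"
    return body


def parse_login_response(status: int, body_text: str, now: float) -> Session:
    """Turn the HTTP status and JSON body into a Session, or raise LoginError."""
    try:
        body = json.loads(body_text)
    except ValueError:
        body = {"raw": body_text}  # error bodies that are not JSON are still surfaced
    if status != 200:
        raise LoginError(status, body)
    result = body["cognitoToken"]["AuthenticationResult"]
    return Session(
        id_token=result["IdToken"],
        access_token=result["AccessToken"],
        refresh_token=result["RefreshToken"],
        token_type=result["TokenType"],
        expires_at=now + int(result["ExpiresIn"]),
    )


def auth_header(session: Session) -> dict:
    """Authorization header for later API calls (Bearer scheme is an assumption)."""
    return {"Authorization": f"{session.token_type} {session.access_token}"}


def is_expired(session: Session, now: float, skew: float = 30.0) -> bool:
    """True when the access token has expired or will within `skew` seconds."""
    return now + skew >= session.expires_at


def login(transport: Callable[[str, str], Tuple[int, str]],
          user_name: str, tenant_name: str, password: str, now: float = None) -> Session:
    """POST the loginRequest through `transport` (path, json) -> (status, body)."""
    now = time.time() if now is None else now
    request_json = build_login_request(user_name, tenant_name, password)
    status, body_text = transport(LOGIN_PATH, request_json)
    return parse_login_response(status, body_text, now)


# Constructed stand-in for the server so the example runs offline.
def fake_transport(path: str, request_json: str) -> Tuple[int, str]:
    req = json.loads(request_json)
    if path == LOGIN_PATH and req["UserName"] == "alice" and req["Password"] == "correct-horse":
        return 200, json.dumps({"cognitoToken": {
            "ChallengeParameters": {},
            "AuthenticationResult": {
                "IdToken": "id.sample", "TokenType": "Bearer", "ExpiresIn": 3600,
                "RefreshToken": "refresh.sample", "AccessToken": "access.sample"}}})
    return 401, json.dumps({"message": "Incorrect username or password."})


if __name__ == "__main__":
    sess = login(fake_transport, "alice", "acme", "correct-horse")
    print(auth_header(sess), "expired:", is_expired(sess, time.time()))
```

The transport is injected so the same parsing and error-handling code can be exercised against a real HTTPS client in production and against the constructed fake here; the session keeps an absolute expiry so callers can check `is_expired` before each request instead of waiting for a 401.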
