Password login (namespace-scoped)
const url = 'https://example.com/v1/ns/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/login';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"username":"example","email":"example","password":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/v1/ns/2489E9AD-2EE2-8E00-8EC9-32D5F69181C0/login \ --header 'Content-Type: application/json' \ --data '{ "username": "example", "email": "example", "password": "example" }'Authenticates a user owned by this namespace. On success the response is either a bootstrap LoginResponse (no TOTP enrolled — enroll one, then log in again) or a PasswordLoginChallengeResponse (TOTP enrolled — complete the 2FA step).
Parameters
Section titled “Parameters”Path Parameters
Section titled “Path Parameters”Namespace UUID
Request Bodyrequired
Section titled “Request Bodyrequired”Supply exactly one of username/email (username wins if both are set) plus the password.
object
Examplegenerated
{ "username": "example", "email": "example", "password": "example"}Responses
Section titled “Responses”Bootstrap token, or a 2FA challenge
Returned by the API-key login and the 2FA-exchange step with a full token, and by password login (no TOTP enrolled) with a bootstrap token.
object
The JWT to send as Authorization: Bearer <jwt>.
full grants every endpoint the user is authorized for; bootstrap only opens the TOTP-enrollment endpoints.
Returned by password login when the user has an active TOTP credential. Exchange the challenge for a full JWT at the matching .../login/2fa endpoint.
object
Example
{ "type": "full"}default
Section titled “default”Error response
RFC 7807 Problem Details
object
Problem type slug URI
Examplegenerated
{ "type": "example", "title": "example", "status": 1, "detail": "example"}