post__user_login

POST /user/login

User Login

Authenticate user with email and password.

This endpoint validates user credentials and returns JWT tokens for API access. The system checks:

Email exists and is active
Password matches stored hash
Account is not deleted or banned

Authentication Flow:

Submit email and password
System validates credentials
Returns JWT access token and refresh token
Use access token in Authorization header for API calls
Use refresh token to get new access token when expired

Token Expiration:

Access tokens expire after 1 hour
Refresh tokens have longer expiration
Use /user/refresh to renew access tokens

TypeScript Client Library

public userLogin = async (data: LoginBody): Promise<LoginResponse> => {
  return this.makeRequest<LoginResponse>('user/login', 'POST', data);
};

Code Samples

# You can also use wget
curl -X POST https://backend.flashback.tech/user/login \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

const inputBody = '{\n  "email": "[email protected]",\n  "password": "SecurePass123"\n}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/user/login',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://backend.flashback.tech/user/login',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://backend.flashback.tech/user/login', headers = headers)

print(r.json())

<?php

require 'vendor/autoload.php';

$headers = array(
    'Content-Type' => 'application/json',
    'Accept' => 'application/json',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

// Define array of request body.
$request_body = array();

try {
    $response = $client->request('POST','https://backend.flashback.tech/user/login', array(
        'headers' => $headers,
        'json' => $request_body,
       )
    );
    print_r($response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://backend.flashback.tech/user/login");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://backend.flashback.tech/user/login", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Body parameter

{
  "email": "[email protected]",
  "password": "SecurePass123"
}

Parameters

Name

Type

Required

Description

body

object

true

none

» email

body

string(email)

true

User's email address

» password

body

string

true

User's password

Example responses

200 Response

{
  "success": true,
  "accessToken": "string",
  "refreshToken": "string",
  "tokenId": "string",
  "expiresAt": 0,
  "user": {
    "id": "string",
    "email": "string",
    "name": "string",
    "orgId": "string"
  }
}

Responses

Status

Meaning

Description

Schema

200

Inline

401

Unauthorized

Authentication failed

Inline

Response Schema

Status Code 200

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

» accessToken

string

false

none

JWT access token for API authentication

» refreshToken

string

false

none

JWT refresh token for token renewal

» tokenId

string

false

none

Internal token identifier

» expiresAt

integer

false

none

Access token expiration timestamp

» user

object

false

none

»» id

string

false

none

User's unique identifier

»» email

string

false

none

User's email address

»» name

string

false

none

User's display name

»» orgId

string

false

none

Organization identifier

Status Code 401

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

» error_code

string

false

none

Specific authentication error

Enumerated Values

Property

Value

error_code

USER_NOT_FOUND

error_code

INVALID_PASSWORD

error_code

USER_INACTIVE

error_code

NO_PASSWORD_SET

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth

Previousget__user_quota Nextpost__user_refresh

Last updated 3 months ago

Was this helpful?