# post\_\_user\_login `POST /user/login` *User Login* Authenticate user with email and password. This endpoint validates user credentials and returns JWT tokens for API access. The system checks: * Email exists and is active * Password matches stored hash * Account is not deleted or banned **Authentication Flow:** 1. Submit email and password 2. System validates credentials 3. Returns JWT access token and refresh token 4. Use access token in Authorization header for API calls 5. Use refresh token to get new access token when expired **Token Expiration:** * Access tokens expire after 1 hour * Refresh tokens have longer expiration * Use `/user/refresh` to renew access tokens #### TypeScript Client Library ```typescript public userLogin = async (data: LoginBody): Promise => { return this.makeRequest('user/login', 'POST', data); }; ``` #### Code Samples {% tabs %} {% tab title="Shell" %} ```shell # You can also use wget curl -X POST https://backend.flashback.tech/user/login \ -H 'Content-Type: application/json' \ -H 'Accept: application/json' \ -H 'Authorization: Bearer {access-token}' ``` {% endtab %} {% tab title="HTTP" %} ```http POST https://backend.flashback.tech/user/login HTTP/1.1 Host: localhost:3000 Content-Type: application/json Accept: application/json ``` {% endtab %} {% tab title="JavaScript" %} ```javascript const inputBody = '{\n "email": "john.doe@company.com",\n "password": "SecurePass123"\n}'; const headers = { 'Content-Type':'application/json', 'Accept':'application/json', 'Authorization':'Bearer {access-token}' }; fetch('https://backend.flashback.tech/user/login', { method: 'POST', body: inputBody, headers: headers }) .then(function(res) { return res.json(); }).then(function(body) { console.log(body); }); ``` {% endtab %} {% tab title="Ruby" %} ```ruby require 'rest-client' require 'json' headers = { 'Content-Type' => 'application/json', 'Accept' => 'application/json', 'Authorization' => 'Bearer {access-token}' } result = RestClient.post 'https://backend.flashback.tech/user/login', params: { }, headers: headers p JSON.parse(result) ``` {% endtab %} {% tab title="Python" %} ```python import requests headers = { 'Content-Type': 'application/json', 'Accept': 'application/json', 'Authorization': 'Bearer {access-token}' } r = requests.post('https://backend.flashback.tech/user/login', headers = headers) print(r.json()) ``` {% endtab %} {% tab title="PHP" %} ```php 'application/json', 'Accept' => 'application/json', 'Authorization' => 'Bearer {access-token}', ); $client = new \GuzzleHttp\Client(); // Define array of request body. $request_body = array(); try { $response = $client->request('POST','https://backend.flashback.tech/user/login', array( 'headers' => $headers, 'json' => $request_body, ) ); print_r($response->getBody()->getContents()); } catch (\GuzzleHttp\Exception\BadResponseException $e) { // handle exception or api errors. print_r($e->getMessage()); } // ... ``` {% endtab %} {% tab title="Java" %} ```java URL obj = new URL("https://backend.flashback.tech/user/login"); HttpURLConnection con = (HttpURLConnection) obj.openConnection(); con.setRequestMethod("POST"); int responseCode = con.getResponseCode(); BufferedReader in = new BufferedReader( new InputStreamReader(con.getInputStream())); String inputLine; StringBuffer response = new StringBuffer(); while ((inputLine = in.readLine()) != null) { response.append(inputLine); } in.close(); System.out.println(response.toString()); ``` {% endtab %} {% tab title="Go" %} ```go package main import ( "bytes" "net/http" ) func main() { headers := map[string][]string{ "Content-Type": []string{"application/json"}, "Accept": []string{"application/json"}, "Authorization": []string{"Bearer {access-token}"}, } data := bytes.NewBuffer([]byte{jsonReq}) req, err := http.NewRequest("POST", "https://backend.flashback.tech/user/login", data) req.Header = headers client := &http.Client{} resp, err := client.Do(req) // ... } ``` {% endtab %} {% endtabs %} > Body parameter ```json { "email": "john.doe@company.com", "password": "SecurePass123" } ``` **Parameters** | Name | In | Type | Required | Description | | ---------- | ---- | ------------- | -------- | -------------------- | | body | body | object | true | none | | » email | body | string(email) | true | User's email address | | » password | body | string | true | User's password | > Example responses > 200 Response ```json { "success": true, "accessToken": "string", "refreshToken": "string", "tokenId": "string", "expiresAt": 0, "user": { "id": "string", "email": "string", "name": "string", "orgId": "string" } } ``` **Responses** | Status | Meaning | Description | Schema | | ------ | --------------------------------------------------------------- | --------------------- | ------ | | 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | Login successful | Inline | | 401 | [Unauthorized](https://tools.ietf.org/html/rfc7235#section-3.1) | Authentication failed | Inline | **Response Schema** Status Code **200** | Name | Type | Required | Restrictions | Description | | -------------- | ------- | -------- | ------------ | --------------------------------------- | | » success | boolean | false | none | none | | » accessToken | string | false | none | JWT access token for API authentication | | » refreshToken | string | false | none | JWT refresh token for token renewal | | » tokenId | string | false | none | Internal token identifier | | » expiresAt | integer | false | none | Access token expiration timestamp | | » user | object | false | none | none | | »» id | string | false | none | User's unique identifier | | »» email | string | false | none | User's email address | | »» name | string | false | none | User's display name | | »» orgId | string | false | none | Organization identifier | Status Code **401** | Name | Type | Required | Restrictions | Description | | ------------- | ------- | -------- | ------------ | ----------------------------- | | » success | boolean | false | none | none | | » error\_code | string | false | none | Specific authentication error | **Enumerated Values** | Property | Value | | ----------- | ----------------- | | error\_code | USER\_NOT\_FOUND | | error\_code | INVALID\_PASSWORD | | error\_code | USER\_INACTIVE | | error\_code | NO\_PASSWORD\_SET | To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.flashback.tech/support-reference/platform-api-reference/user-account/post__user_login.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.