Login

curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/gate/{project_id}/auth/login \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'

{
  "last_login_method": {}
}

POST

api

gate

{project_id}

auth

curl --request POST \
  --url https://org-api.hexoforge.dev/api/v1/gate/{project_id}/auth/login \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'

{
  "last_login_method": {}
}

Authenticates a user with email and password. Requires X-API-Key. If the user has TOTP enabled, tokens are not returned until you call Login TOTP.

Request body

string

required

Valid email.

password

string

required

Max 128 characters.

Response

200 — standard login
200 — TOTP required

{
  "access_token": "eyJhbGciOiJSUzI1NiIs...",
  "refresh_token": "dGhpcyBpcyBhIHJlZnJlc2g...",
  "token_type": "bearer",
  "expires_in": 900,
  "requires_totp": false,
  "login_ticket": null,
  "last_login_method": "email"
}

{
  "access_token": null,
  "refresh_token": null,
  "token_type": "bearer",
  "expires_in": null,
  "requires_totp": true,
  "login_ticket": "a1b2c3d4e5f6...",
  "last_login_method": null
}

Send login_ticket and the TOTP code to /login/totp. Tickets expire in 5 minutes.

Reflects the previous authentication method (for example email, email_totp). Use for “Last signed in with…” hints. null on the user’s first login.

Status codes

Code	Meaning
200	Success or TOTP step required
401	Invalid email or password
403	Account disabled, email not verified, IP block, or firewall deny
429	Rate limited

⌘I

Overview

Gate API

Public API

Request body

Response

Status codes

Overview

Gate API

Public API

Documentation Index

​Request body

​Response

​Status codes

Request body

Response

Status codes