Initial Authentication Request

The initial login request is simple in that it just requires the users email and password sent in a POST request.

The response can vary depending if the user has Two-Factor Authentication enabled or not. See examples for more detail.

If the user has Two-Factor Authentication enabled, the mfa_key, sent back has en expiry time of 5 minutes. If the userdoes not manage to input the MFA token during this time, you should present them with the login form again.

In case of an error, the response will have the success property set to false, and there will be an error property with a human readable error message.

Auth

Initial Authentication Request#

Initial Authentication Request