Authenticate user

Logs in a user and returns a JWT token upon successful authentication. By default login is validated via a reCAPTCHA token supplied in the request body. Server-to-server callers can instead send the X-App-Name header (matching the configured application name) to bypass the reCAPTCHA check.

Headers
  • X-App-Name
    Type: string
    required

    Application name for server-to-server callers. When it matches the configured application name, the reCAPTCHA check is skipped and no reCAPTCHA token is required. (Optional on the server, but pre-filled here so API clients send it automatically.)

Body·
required
application/json
  • password
    Type: string Format: password
    required

    User's password.

  • username
    Type: string Format: email
    required

    User's email address.

Responses
  • application/json
  • application/json
  • application/json
Request Example for post/v1/auth/login
curl https://api.broker.v1.demo.affordx.nz/v1/auth/login \
  --request POST \
  --header 'X-App-Name: AffordX' \
  --header 'Content-Type: application/json' \
  --data '{
  "username": "user@example.com",
  "password": "string-password"
}'
{
  "token": "string",
  "refreshToken": "string",
  "id": "string",
  "username": "string",
  "email": "hello@example.com",
  "roles": [
    "ROLE_BROKER"
  ]
}