Login
Use the login endpoint to authenticate your user and allow them to access secure endpoints.
If your application is available on Safari please use the noATCookie parameter to get the access token in the response headers. Safari by default blocks 3rd party cookies, so you won't be able to use authentication.
Request data
HTTP method: POST
URL format: https://baseUrl/versionNumber/customEndpointRoute/userEndpoint?key=apiKey&login=true[&dataOnly=true][&noATCookie=true]
Example:
https://app.rested.dev/api/1/ce/examples/auth?key=d59eb2859c284168ac48aef65046d5dd&login=true[&dataOnly=true][&noATCookie=true]
Request Headers
| Header | Required | Description |
| Content-Type | Yes | Specifies the MIME type of the body of the Request. It must be application/json. |
Request Parameters
The following table describes the Request parameters.
| Parameter | Description | Required |
| baseUrl | Base url for calling the API. Value: app.rested.dev/api | Yes |
| versionNumber | Service version. Value: The current value is 1. | Yes |
| customEndpointRoute | The route which identifies custom endpoints. Default value: ce | Yes |
| userEndpoint | The endpoint name generated by the user. Value: the name created at https://app.rested.dev | Yes |
| key | The API Key of the project. | Yes |
| login | Required to perform a login. Value: true | Yes |
| dataOnly | If used, the endpoint response will be the POST body, without additional information such as ‘uniqueId’. Value: true | No |
| noATCookie | If used, the access token will be returned in the Authorization header instead of the httpOnly cookie. Use this if your application will be available on Safari, since 3rd party cookies are blocked by default. You should also use this if you plan to use authentication on non browser environments. Value: true | No |
POST body
The login endpoint expects a JSON with user credentials.
See the table below for more details:
| Parameter | Description | Required |
| username | Type: String | Yes - if email is not used |
| Type: String | Yes - if username is not used | |
| password | The user password. Type: String | Yes |
Note: Your users can log in with username or email, not both.
Response data
Error codes
| Error code | Description |
| 400 | Possible reasons:
|
| 401 | Invalid credentials. |
| 403 | Missing API Key, not allowed origin or disallowed request without orign. |
Successful response
{
uniqueId: "3f38bf9e1bb54d2396d1f1b8fbba1630",
data: { username: "usernameeee" },
createdAt: "2020-12-27T10:58:45.000Z",
updatedAt: "2020-12-27T10:58:45.000Z"
}
Response Cookies
| Cookie | Description |
| __Secure-rested-access-token | If the credentials are valid, the access token is sent in a httpOnly cookie as part of the response. httpOnly cookies are not accessible via JS. This token/cookie is valid for 30 days. To generate a new one a new login is required. This cookie is deleted when logout is performed. Note: The cookie is only returned if the noATCookie parameter is not used. |
Response Headers
| Header | Description |
| Authorization | If the credentials are valid and the noATCookie parameter is used, the access token will be returned in the Authorization header following the Bearer schema. The access token should be stored on the client side and sent in the Authorization header of the request for secure endpoints. |