Sign in API
Sign In
Sign In is an action on the user entity. Sign in takes two inputs:
- Email
- Password
When the user initiates the Sign In action, the following things happen:
- Check if guests can peek the users table (Peek permission)
- Check if guests can peek the particular user (Peek permission)
- Check whether the provided password matches the stored bcrypt-hashed password
- If it matches, issue a JWT token, which is used for future calls
The main outcome of the Sign In action is the JWT token, which is to be used in the Authorization header of subsequent calls.
The token includes the current auth_version for the user account. When the user's password is changed or reset, Daptin increments this server-owned version and all older JWTs for that user stop working. Clients should treat a 401 Unauthorized response as a signal to remove the stored token and ask the user to sign in again.
Sign in CURL example
POST call for sign in
curl 'http://localhost:6336/action/user_account/signin' \
    -H 'Content-Type: application/json;charset=UTF-8' \
    -H 'Accept: application/json, text/plain, */*' \
    --data-binary '{"attributes":{"email":"<Email>","password":"<Password>"}}'
[
    {
        "ResponseType": "client.store.set",
        "Attributes": {
            "key": "token",
            "value": "<AccessToken>"
        }
    },
    {
        "ResponseType": "client.notify",
        "Attributes": {
            "message": "Logged in",
            "title": "Success",
            "type": "success"
        }
    },
    {
        "ResponseType": "client.redirect",
        "Attributes": {
            "delay": 2000,
            "location": "/",
            "window": "self"
        }
    }
]
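
The client-side handling described above (store the token from the sign-in response, send it on later calls, drop it on a 401), as an added example that is not Daptin's own client code. The function names, the in-memory store and the `Bearer` header scheme are assumptions, and the sample response is constructed.

```javascript
// Added example (not Daptin's client code). "store" is any object with
// getItem/setItem/removeItem, e.g. window.localStorage in a browser.

// Small in-memory store so the example also runs outside a browser.
function memoryStore() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
    removeItem: (k) => void data.delete(k),
  };
}

// Walk the action list returned by /action/user_account/signin and apply
// only a "client.store.set" for the key "token"; other keys are ignored so
// the response cannot overwrite unrelated client state. Returns the token.
function applySignInResponse(actions, store) {
  if (!Array.isArray(actions)) return null;
  let token = null;
  for (const action of actions) {
    if (!action || action.ResponseType !== "client.store.set") continue;
    const attrs = action.Attributes;
    if (attrs && attrs.key === "token" && typeof attrs.value === "string" && attrs.value) {
      store.setItem("token", attrs.value);
      token = attrs.value;
    }
  }
  return token;
}

// Headers for later calls. The "Bearer" scheme is an assumption here.
function authHeaders(store) {
  const token = store.getItem("token");
  return token ? { Authorization: "Bearer " + token } : {};
}

// Call with the status of every API response: a 401 means the JWT is no
// longer accepted (e.g. stale auth_version), so remove it and sign in again.
function handleStatus(status, store) {
  if (status !== 401) return "ok";
  store.removeItem("token");
  return "signin-required";
}

// Constructed sample response, shaped like the one on this page.
const sampleResponse = [
  { ResponseType: "client.store.set", Attributes: { key: "token", value: "sample.jwt.value" } },
  { ResponseType: "client.notify", Attributes: { message: "Logged in", title: "Success", type: "success" } },
];
```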