Skip to main content

Log in with email and password

POST 

/api/v1/auth/login

Authenticate with email and password.

If the user has 2FA enabled, returns TwoFactorLoginResponse with a partial_token; the client completes login via POST /auth/login/2fa. Otherwise returns a full JWT Token.

  • Trusted-device short-circuit: a valid __Host-aisafe_trusted_device cookie skips the 2FA challenge. Invalid/expired/tampered cookies fall through to the normal 2FA prompt and are cleared from the response.
  • Rate limits: 10 / 15 min / IP (auth_password tier) + per-email limiter.

Request

Responses

Successful Response