Authenticate a user with username and password

POST 
/api/auth/login

Validates the provided credentials against the account identified by the short GUID. Returns a JWT app token and refresh token on success. Returns specific error responses for locked-out accounts, expired passwords, or users not permitted to log in.

Request

Responses

200

Returns the JWT app token and refresh token.

401

Authentication failed — credentials are invalid, account is locked out, or password has expired.

403

Caller does not have the required role.

404

The specified user was not found.

500

An unexpected server error occurred.