Login
Authenticate a user with email and password.
POST /api/auth/login
The system will automatically set authentication cookies bsh_access_token and bsh_refresh_token with the generated tokens upon login.
Password requirements:
- Length: 6-12 characters.
- At least one uppercase letter.
- At least one lowercase letter.
- At least one number.
The system uses the secret env:jwt.secret to generate access tokens.
Before starting the instance, make sure to provide your JWT secret via environment variables as described here.
Request Body
{
  "email": "user@example.com",
  "password": "password123"
}
Response
{
  "data": [
    {
      "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
    }
  ]
  ...
}
User Status
| Status | Description | Can login |
|---|---|---|
| ACTIVATED | User account is activated. | Yes |
| REQUIRED_ACTIVATION | User account is not activated. | No |
| REQUIRED_RESET_PASSWORD | User needs to reset the password. | No |
| DISABLED | User account is disabled. | No |
| LOCKED | User account is locked. | No |