Project User Login API

The only way for a register user to access the protected content is to log in first via api.

User Login Via GraphQL

note

These GraphQL Queries & Mutation (userLogin, userRegistration) and Endpoints (/system/auth/login and /system/auth/register) is available only after the successful configuration of Authentication AddOns from Settings

Via GraphQL Query

query UserLoginQuery {
  userLogin(secret: "mysecretpassword1234", email: "[email protected]") {
    refresh_token
    id_token
  }
}

Via RESTful API

curl -X POST "https://api.apito.io/secured/rest/project-id/system/auth/login"
-H  "accept: application/json" -H  "Authorization: Bearer API_SECRET" -H  "Content-Type: application/json"
-d "{\"email\":\"[email protected]\",\"secret\":\"mysecretpassword1234\"}"

Login Response

{
  "data": {
    "userLogin": {
      "id_token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im5ld3VzZXJAZ21haWwuY29tIiwiZXhwIjoxNjE3NjgxOTkyLCJpYXQiOjE2MTc1OTU1OTIsImp0aSI6InY5SlhJVUpjS0diV0RFaTB3WWFERGsyWW1CR3o5c0JIIiwicHJvamVjdCI6InF1YW50dW1fZWNvbW1lcmNlX2RkbGo0Iiwicm9sZSI6ImF1dGh1c2VyIiwidXNlciI6ImY2ZGU1NzUyLWFlMDgtNGFiZS1hNzc4LTUzMjNkNDVlNTVlZiJ9.kFUQa8w0HsM00H1Rn-sr3yLlfvWVNsFeux0jghBnQ0_oXUQHE1y8a_yPSqEOX6tcb1LqcH2uWAeFPLbL5rx4cNZ_uCHvgIiDlQRUX4OZ_NtRrNgk35Me0serNupF3Jl1EWxdCYZjvIbO2a0hh0FGtl6Fy0dcgpWjbp1gW7Oxe1jzcuheawnYHemuI85qqUdGk2TnVPYfCYQRclqwbRnWzzGbRebUN9ayJQkbmlegrPqgB5Iw3FIGdHC95rqgCKNEOhbm7mMtkTbjAtqJBmabSGalw1MUxhNqUB-Gr9GeiV2STHoh07x5sPr61ekUTJ0zPH4zz-XhTUpuab0VvZZLCg",
      "refresh_token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2MjAxODc1OTIsImlhdCI6MTYxNzU5NTU5MiwianRpIjoiUU9hNXE1RWRZR1V4SEZNNm1HeUNDekZZa0RCM1NhT1UiLCJwcm9qZWN0IjoicXVhbnR1bV9lY29tbWVyY2VfZGRsajQiLCJyb2xlIjoiYXV0aHVzZXIiLCJ1c2VyIjoiZjZkZTU3NTItYWUwOC00YWJlLWE3NzgtNTMyM2Q0NWU1NWVmIn0.SIe8ZXsGuvG_DjvSwg64d88UqsqpxDoiOcqROAsu-nQ2ljNyBqnAHi8kzLnRfXWfUo2wMnvKwlh2FqJhyDy4FteUzWSkingj3PhtjSXPcoBmbQlsjQGgY4skntmxJketM01qC_wOnZDRICQLAJ6Tai_JmaRlD6KcZydJXOLPFpvz2_UwLkQL4jFDNtubFfCtxXbggY1wJXX0Lzt488h8Xovd0_pimWX47rD0NzYkZDLCGUC9U47iVTys_yXgu6DTG-vjXMl0WlvveiZiu841zO6e2qrt_HDAkzBId7ud_s1pG7Miv0ph_XDPLG5ny73i5gWBA6EDfcx1JwGnX-BUNg"
    }
  }
}

Login & Registration generates a Standard JWT token. You can use the id_token from the response as a Bearer Token to call your GraphQL or RESTful API and get the same response as using API_SECRET the only difference is the permission that the id_token has. Go to the next topic to learn more about using this Login Token.