POST /api/login
cURL
curl --request POST \
  --url https://www.wassly.com/api/login \
  --header 'Content-Type: application/json' \
  --header 'apikey: <api-key>' \
  --data '
{
  "email": "hatem.gaballah@gmail.com",
  "password": "abc123$"
}
'
{
  "success": true,
  "message": "Login Successfully",
  "data": {
    "id": 2,
    "name": "User Name",
    "role_id": 3,
    "client_id": 1,
    "phone": "+{mobile_number}",
    "email": "user@example.com",
    "location": "",
    "profile_image": "https://www.wassly.com/public/images/20251216152039image_163x116_user_436.png",
    "openai_api_key": null,
    "token": "{token}"
  }
}

Overview

This endpoint authenticates users and initiates a login session. It validates user credentials (email and password) and returns authentication tokens or session information upon successful authentication.

Request Details

Required Fields

  • email (string, required): The user’s registered email address
    • Must be a valid email format
    • Example: user@example.com
  • password (string, required): The user’s account password
    • Should meet the application’s password requirements
    • Transmitted securely over HTTPS

Request Headers

  • Content-Type: application/json - Indicates JSON payload
  • Accept: application/json - Expects JSON response
  • apikey: xxx - Can be generated from the admin dashboard

Expected Response

Success Response (200 OK)

Returns authentication credentials and user information:
  • Authentication token(s) for subsequent API requests
  • User profile data
  • Session expiration details

Error Responses

  • 400 Bad Request: Missing or invalid email/password format
  • 401 Unauthorized: Invalid credentials
  • 429 Too Many Requests: Rate limit exceeded
  • 500 Internal Server Error: Server-side error

Authentication Flow

  1. User submits email and password via POST request
  2. Server validates credentials against stored user data
  3. Upon successful validation:
    • Authentication token is generated
    • Session is created
    • Token and user data are returned
  4. Client stores token for authenticated requests
  5. Token is included in subsequent API calls (typically in Authorization header)

Usage Notes & Best Practices

  • Security: Always use HTTPS in production to protect credentials in transit
  • Token Storage: Store authentication tokens securely (e.g., httpOnly cookies, secure storage)
  • Error Handling: Never expose detailed error messages that could aid attackers
  • Password Requirements: Ensure passwords meet security standards (length, complexity)
  • Session Management: Implement proper logout functionality to invalidate tokens
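
The request, the documented status codes and the token-handling advice above, combined in a client-side Python example that is added here and is not part of the original API documentation. It builds the login request with the listed headers, maps each documented status code to a client action, and masks `token` and `openai_api_key` before a response is logged. The function names, action labels and redaction list are assumptions made for illustration.

```python
import json
import urllib.request

LOGIN_URL = "https://www.wassly.com/api/login"  # from the page's cURL sample
SENSITIVE_KEYS = {"token", "openai_api_key", "password"}  # assumed redaction list
# Assumed client policy for the status codes the page documents.
ACTIONS = {400: "fix_request", 401: "bad_credentials",
           429: "back_off", 500: "retry_later"}


def build_login_request(email, password, api_key):
    """Build, without sending, the POST request with the headers the page lists."""
    body = json.dumps({"email": email, "password": password}).encode("utf-8")
    headers = {"Content-Type": "application/json",
               "Accept": "application/json", "apikey": api_key}
    return urllib.request.Request(LOGIN_URL, data=body, headers=headers, method="POST")


def redact(value):
    """Return a copy that is safe to log: secret-bearing fields are masked."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if k in SENSITIVE_KEYS and v is not None else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def handle_login_response(status, raw_body):
    """Return (action, token, loggable); "ok" needs success true and a non-empty token."""
    try:
        parsed = json.loads(raw_body)
    except (TypeError, ValueError):  # empty, non-JSON or undecodable body
        parsed = None
    loggable = (redact(parsed) if isinstance(parsed, dict)
                else {"unparsed_bytes": len(raw_body or b"")})
    if status != 200:
        return ACTIONS.get(status, "unexpected"), None, loggable
    data = parsed.get("data") if isinstance(parsed, dict) else None
    token = data.get("token") if isinstance(data, dict) else None
    if isinstance(token, str) and token and parsed.get("success") is True:
        return "ok", token, loggable
    return "unexpected", None, loggable


# Constructed sample shaped like the page's 200 response; the token is made up.
SAMPLE_OK = json.dumps({"success": True, "message": "Login Successfully",
                        "data": {"id": 2, "email": "user@example.com",
                                 "openai_api_key": None, "token": "constructed-token"}})
```

Only the `loggable` value should reach logs or error reports; the raw body and the returned token stay out of them.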

Example Usage

POST {{baseUrl}}/api/login
Content-Type: application/json
apikey: <api-key>

{
  "email": "user@example.com",
  "password": "securePassword123"
}

Authorizations

  • apikey (string, header, required)

Body

application/json

  • email (string, required)
  • password (string, required)

Response

OK

  • success (boolean, required)
  • message (string, required)
  • data (object, required)