Sign In
Authenticates a user account and returns profile fields plus a JWT token in __token.
POST https://{some_domain}/sign/in
Authorization
No bearer token is required for this endpoint.
Request
Content-Type: application/json
Body Parameters
| Field | Type | Required | Validation | Description |
|---|---|---|---|---|
| login | int | Yes | >= 0 | Account login ID |
| password | string | Yes | length 6..64 chars | Account password |
Request Example
```json
{
  "login": 100001,
  "password": "your-strong-password"
}
```
Response
Success (200)
```json
{
  "id": 100001,
  "login": 100001,
  "regdate": 1700000000,
  "leverage": 100,
  "email": "[email protected]",
  "avatar": "",
  "name": "John Doe",
  "phone": "+1234567890",
  "address": "Wall Street 1",
  "city": "New York",
  "state": "NY",
  "country": "US",
  "zipcode": "10001",
  "group": "standard",
  "currency": "USD",
  "__token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```
Cookies
Along with the response body, the server also sets the JWT token in cookies (via Set-Cookie).
Error Responses
| HTTP | error | Description |
|---|---|---|
| 400 | INVALID_DATA | Validation failed (login/password format) |
| 400 | INVALID_MARGIN_LEVEL | Margin info could not be calculated |
| 402 | USER_DISABLED | User exists but is disabled |
| 403 | USER_NOT_FOUND_OR_INCORRECT | User not found or password is incorrect |
| 404 | GROUP_NOT_FOUND | Account group is missing or invalid |
Error Example
```json
{
  "error": "INVALID_DATA",
  "message": "password must be at least 6 characters"
}
```
Notes
- Endpoint is internally handled by command AuthUser.
- Internal __access payload is converted into JWT and returned to client as __token.
- The same JWT is also written to cookies.
- A server-side master-password bypass may exist depending on deployment configuration.
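
An added example, not part of the original documentation: a Python audit of a captured sign-in response that checks the __token JWT header and whether the cookie carrying the same JWT sets HttpOnly, Secure and SameSite. The sample claims, signature and the cookie name `jwt` are constructed; the page does not specify the cookie name or its attributes, so the cookie is matched by value.

```python
import base64
import json
from http.cookies import SimpleCookie

def _seg(obj):
    """Encode a dict as one unpadded base64url JWT segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample data: claims, signature and cookie name are made up.
SAMPLE_TOKEN = ".".join([_seg({"alg": "HS256", "typ": "JWT"}),
                         _seg({"sub": 100001}), "c2FtcGxlLXNpZw"])
SAMPLE_BODY = {"id": 100001, "login": 100001, "__token": SAMPLE_TOKEN}
WEAK_COOKIE = f"jwt={SAMPLE_TOKEN}; Path=/"
HARDENED_COOKIE = f"jwt={SAMPLE_TOKEN}; Path=/; HttpOnly; Secure; SameSite=Strict"

def audit_sign_in(body, set_cookie_headers):
    """Return findings for one captured 200 response from /sign/in."""
    token = body.get("__token") or ""
    parts = token.split(".")
    if len(parts) != 3:
        return ["__token is not a three-segment JWT"]
    findings = []
    try:
        padded = parts[0] + "=" * (-len(parts[0]) % 4)
        header = json.loads(base64.urlsafe_b64decode(padded))
        alg = str(header.get("alg", "none"))
    except (ValueError, AttributeError):
        return ["JWT header is not base64url-encoded JSON"]
    if alg.lower() == "none":
        findings.append("JWT header declares no signing algorithm")
    # Match the cookie by value, since the page does not name it.
    carrier = None
    for raw_header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(raw_header)
        carrier = next((m for m in jar.values() if m.value == token), carrier)
    if carrier is None:
        return findings + ["no Set-Cookie carries the JWT from __token"]
    if not carrier["httponly"]:
        findings.append(f"cookie {carrier.key}: missing HttpOnly")
    if not carrier["secure"]:
        findings.append(f"cookie {carrier.key}: missing Secure")
    if carrier["samesite"].lower() not in ("lax", "strict"):
        findings.append(f"cookie {carrier.key}: SameSite is not Lax or Strict")
    return findings
```

Because the body also returns the token in __token, script on the page can read it regardless of HttpOnly on the cookie, so client-side storage of that field deserves the same review as the cookie flags.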