# Login with password Authenticate a user with the email and password that they provided when registering. Given that the user credentials are correct, this returns a token that can then be used to authorise other secured operations. In case the password is expired, a temporary token is returned, which can be used solely for updating the password. The token returned is valid for 5 minutes from last activity. Endpoint: POST /login_with_password Version: v3 Security: api-key ## Request fields (application/json): - `email` (string, required) E-mail Address of the user - `password` (object, required) The user's password or passcode used to log in a user. Passwords must be: - minimum 8 characters for end-users (Consumers and Corporates); 12 characters for others - maximum 30 characters - include a lowercase character - include an uppercase character - include a digit and a special character - different from any of the 5 last such passwords used. For non-PCI compliant integrations, the password submitted must be tokenised. - `password.value` (string, required) ## Response 200 fields (application/json): - `token` (string) An authorisation token (valid for 5 minutes from last activity) identifying the user to be used in the auth_token authorization header for secured operations. - `tokenType` (string) The auth token received can only be used to access the following endpoints: - /identities - /access_token Enum: "NO_TYPE", "AUTH", "ACCESS" - `identity` (object) The identity to which the logged-in user belongs to. - `identity.type` (string, required) Indicates the identity type. Enum: "CONSUMER", "CORPORATE" - `identity.id` (string, required) The identifier for the identity. - `credentials` (object) The unique identifier for the logged-in user. - `credentials.type` (string, required) The type of user. Enum: "ROOT", "USER", "API_CLIENT" - `credentials.id` (string, required) The identifier of the user. ## Response 400 fields (application/json): - `message` (string) When present helps to identify and fix the problem. - `syntaxErrors` (object) Is returned as part of an HTTP error response whenever a syntax error is detected. A list of the fields together with their syntax error will be provided. - `syntaxErrors.invalidFields` (array) - `syntaxErrors.invalidFields.params` (array) - `syntaxErrors.invalidFields.fieldName` (string) - `syntaxErrors.invalidFields.error` (string) Enum: "REQUIRED", "HAS_TEXT", "REQUIRES", "SIZE", "RANGE", "IN", "NOT_IN", "REGEX", "EXACTLY", "AT_LEAST", "AT_MOST", "ALL_OR_NONE" ## Response 404 fields (application/json): - `errorCode` (string) Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND" ## Response 409 fields (application/json): - `token` (string) Temporary authorisation token required to initiate the _passwordUpdate_ operation. ## Response 410 fields (application/json): - `errorCode` (string) Enum: "TOKEN_EXPIRED", "TOKEN_NOT_FOUND" ## Response default fields (application/json): - `code` (string) - `message` (string) ## Response 401 fields ## Response 403 fields ## Response 423 fields ## Response 429 fields ## Response 500 fields ## Response 503 fields