Authenticate a user and obtain a JWT access token.

post

https://localhost:44395/api/account/login

Behavior: Validates the user's credentials and, if successful, creates a new session and returns a JWT access token with a refresh token. Accounts that are disabled, expired, pending invitation, or pending approval will be rejected. Guest users must have a valid profile and permitted application access.

Authorization: Public endpoint — no authentication required.

Side Effects: Creates a new user session. The login event is recorded for auditing purposes.

Error Scenarios: Returns 400 if the request body is null. Returns 404 if authentication fails or the user cannot be found. Returns 403 if the user account is Disabled, Expired, PendingInvitation, or PendingApproval. LoginStatus on the response indicates the specific failure reason (e.g., IsDisabled, IsPendingEmailConfirmation, RequiresNewPassword).

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Body Params

A Nomad.Common.Models.Security.LoginRequestModel containing the user's email (UserName), password, and optional ApplicationId for session tracking.

Request model for authenticating a user and obtaining a JWT access token.

userName

string

required

length ≥ 1

Gets or sets the user's email address used as the login identifier. Required.

password

string

required

length ≥ 1

Gets or sets the user's current password. Required.

token

string | null

Gets or sets an authentication token, if available (e.g., for multi-factor authentication flows).

newPassword

string | null

Gets or sets the new password to set if the account requires a password change on login.

applicationId

uuid | null

Gets or sets the application identifier the user is logging in from, used for session tracking.

Headers

content-type

string

enum

Defaults to application/json-patch+json

Generated from available request content types

Allowed:

Responses

Language

Loading…

Response

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Authentication succeeded. Returns the JWT token, refresh token, user profile, and session information.

400The request body is null or missing required fields (UserName, Password).

404Authentication failed — invalid credentials or user not found.