Behavior Notes

• Full session: returns success=true with user, sessionId, expiresAt.
• Pending 2FA: returns success=false with requires_2fa=true, sessionId, available_methods, and user.
• Unverified account: when AUTH.verify_registration=true, returns 403 with code EMAIL_NOT_VERIFIED.

Reference: https://flowless.dev/operations/registerPublic.html

Login User

POST

/auth/login

Authenticate a user with email/username and password. Email is automatically converted to lowercase. Depending on account state and 2FA, this endpoint may return: (1) full session, (2) pending 2FA partial session, or (3) EMAIL_NOT_VERIFIED when AUTH.verify_registration=true and the account is not verified.

Request Body

application/json

{

  

"email": "user@example.com",

  

"password": "SecurePass123!"

}

Responses

Login processed - returns full session or pending 2FA partial session

Content-Type

application/json

{

  

"success": true,

  

"user": {

  

  

"id": "usr_123abc",

  

  

"email": "user@example.com",

  

  

"name": "John",

  

  

"last_name": "Doe",

  

  

"user_name": "johndoe",

  

  

"user_type": "customer",

  

  

"is_verified": true,

  

  

"two_factor": false

  

},

  

"sessionId": "ses_xyz789abc123",

  

"expiresAt": "2025-12-15T10:00:00Z"

}

POST

/auth/login

Playground

Server

Body

Samples

Powered by VitePress OpenAPI