Authenticate User

Authenticates the given user and returns an auth token that represents that user. The user is identified by email address and the authenticated by the password.

Because there can be multiple reasons for failing authentication, the cause of failure is returned. Generally speaking, authentication can fail due to one of the following:

  • bad login: either the email address is not in the system, or the password supplied doesn't match the password on the account identified by the email address
  • the account has not yet been confirmed by the user
  • the account has been disabled

Other failures are possible and are given a code of “generic” in the error return information

URL format: https://host/upi/auth
HTTP Headers: x-xloak-k: APIkey
URL Parameters: None
POST body parameters: JSON structure that contains two fields, email and password, like so:

{“email”:emailAddress, “password”:password}

Returns: status code 200 if the email address identifies an account that has the given password. The body is similar to the following JSON:


status code 403 if the authentication failed. The returned body is similar to the following JSON:

{"message":"Unknown email or wrong password","info":{"code":"badlogin","message":"Unknown email or wrong password"},"result":"error"}