Login

POST /auth/login

Authenticate user and return tokens.

Validates the email/password pair, then generates a JWT access token (15-minute TTL) and a refresh token (7-day TTL).

Args:
  request: Login credentials
  http_request: HTTP request object (for audit logging)
  db: Database session

Returns: Access and refresh tokens

Raises:
  401: Invalid credentials or user not found
  429: Account locked due to too many failed attempts

LoginRequest

Request schema for user login.

Note: Password max_length=128 is a security control (LOW-001) to prevent DoS attacks via CPU-intensive Argon2id hashing of very long passwords.

LoginRequest (object)

  email: Email (string, format: email), required
    Email address

  password: Password (string, 1 to 128 characters), required
    Password

  business_id: Business Id (string), required
    Business/tenant UUID
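Added example, not the project's own code: a pure-Python validator for the LoginRequest schema above that applies the LOW-001 password length bound before the request reaches any password hashing, so an oversized password is rejected with a 422-style ValidationError and never costs a hash computation. Argon2id is stood in for by hashlib.scrypt (an assumption, so the example runs offline without argon2-cffi); the names validate_login_request, slow_hash, login, HASH_CALLS and the sample salt are all constructed for this illustration, and the 900-second expires_in comes from the 15-minute access-token TTL stated on this page.

```python
"""Schema enforcement for POST /auth/login with the length gate applied
before hashing (added example; not the project's code)."""
import hashlib
import re
import uuid

PASSWORD_MIN_LEN = 1
PASSWORD_MAX_LEN = 128               # LOW-001 bound from the LoginRequest schema
ACCESS_TOKEN_TTL_SECONDS = 15 * 60   # 15-minute access-token TTL from the endpoint docstring

# Simple shape check standing in for the schema's format=email (assumption).
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class RequestValidationError(ValueError):
    """Carries a ValidationError-shaped detail list: loc, msg, type."""

    def __init__(self, loc, msg, err_type):
        super().__init__(msg)
        self.detail = [{"loc": loc, "msg": msg, "type": err_type}]


def validate_login_request(body: dict) -> dict:
    """Return a normalised LoginRequest dict or raise RequestValidationError.

    All checks run on the raw strings, so no hashing happens for bad input."""
    for field in ("email", "password", "business_id"):
        if field not in body:
            raise RequestValidationError(["body", field], "Field required", "missing")

    email = body["email"]
    if not isinstance(email, str) or not _EMAIL_RE.match(email):
        raise RequestValidationError(["body", "email"],
                                     "value is not a valid email address", "value_error")

    password = body["password"]
    if not isinstance(password, str):
        raise RequestValidationError(["body", "password"],
                                     "Input should be a valid string", "string_type")
    if len(password) < PASSWORD_MIN_LEN:
        raise RequestValidationError(["body", "password"],
                                     f"String should have at least {PASSWORD_MIN_LEN} character",
                                     "string_too_short")
    if len(password) > PASSWORD_MAX_LEN:   # LOW-001: reject before any CPU-intensive work
        raise RequestValidationError(["body", "password"],
                                     f"String should have at most {PASSWORD_MAX_LEN} characters",
                                     "string_too_long")

    try:
        business_id = str(uuid.UUID(str(body["business_id"])))
    except ValueError:
        raise RequestValidationError(["body", "business_id"],
                                     "Input should be a valid UUID", "uuid_parsing") from None

    return {"email": email.lower(), "password": password, "business_id": business_id}


# Instrumentation so a caller can confirm oversized passwords never reach the hasher.
HASH_CALLS = {"count": 0}


def slow_hash(password: str, salt: bytes) -> bytes:
    """Stand-in for the Argon2id step (assumption: scrypt used so this runs offline)."""
    HASH_CALLS["count"] += 1
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def login(body: dict, salt: bytes = b"constructed-salt-for-example") -> dict:
    """Validate first, hash second.

    Returns a 422-shaped dict (status + ValidationError detail list) on schema
    failure without invoking slow_hash; otherwise a 200-shaped dict carrying the
    expires_in value the TokenResponse schema would return."""
    try:
        req = validate_login_request(body)
    except RequestValidationError as exc:
        return {"status": 422, "detail": exc.detail}
    digest = slow_hash(req["password"], salt)   # real code would compare against the stored hash
    return {"status": 200, "token_type": "Bearer",
            "expires_in": ACCESS_TOKEN_TTL_SECONDS, "digest_len": len(digest)}


if __name__ == "__main__":
    # Constructed inputs: one oversized password, one at the 128-character limit.
    tenant = "12345678-1234-5678-1234-567812345678"
    print(login({"email": "a@example.test", "password": "p" * 129, "business_id": tenant})["status"])
    print(login({"email": "a@example.test", "password": "p" * 128, "business_id": tenant}))
    print("hash calls:", HASH_CALLS["count"])
```

The order of operations is the point: length is a cheap check on the raw input, so placing it ahead of the hasher means a flood of multi-kilobyte passwords costs the server a regex and a len() call rather than an Argon2id run each. The 422 detail shape matches the HTTPValidationError/ValidationError objects documented further down this page.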

Successful Response

TokenResponse

Access token response.

TokenResponse (object)

  access_token: Access Token (string), required
  refresh_token: any of: string
  token_type: Token Type (string), default: Bearer
  expires_in: Expires In (integer), required
    TTL in seconds
  user: any of: UserResponse

UserResponse (object)

  User information in responses.

  id: Id (string), required
  email: Email (string), required
  full_name: any of: string, required
  business_id: Business Id (string), required
  roles: Roles (Array<string>), default:

Unauthorized

ErrorResponse

Error response.

ErrorResponse (object)

  error: Error (string), required
    Error code
  message: Message (string), required
    Error message

Validation Error

HTTPValidationError
HTTPValidationError (object)

  detail: Detail (Array<object> of ValidationError)

ValidationError (object)

  loc: Location (Array), required
  msg: Message (string), required
  type: Error Type (string), required
  input: Input
  ctx: Context (object)