Login API (Normal and 2FA)
The Login API allows users to authenticate and receive access and refresh tokens. It supports Two-Factor Authentication (2FA) and a "Remember Me" option for extended token expiration.
Endpoint
- URL: /api/v1/accounts/login/
- Method: POST
- Permission Required: None (Public Endpoint)
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| email | String | Yes | User's email address. |
| password | String | Yes | User's password. |
| remember_me | Boolean | No | Extends token expiration if set to true. |
Example Request
{
"email": "user@example.com",
"password": "securepassword",
"remember_me": true
}
Response
Success (200):
If Two-Factor Authentication is enabled:
{
"temp_token": "uuid-string",
"message": "OTP sent to your email. Please verify to complete login."
}
Response Payload (Success - No 2FA)
{
"token": {
"access": "access-token",
"refresh": "refresh-token"
},
"remember_me": true,
"msg": "Login Success"
}
Response Payload (Error)
{
"errors": {
"non_field_errors": ["Email or Password is not valid"]
}
}
Login OTP Verification API
This API allows users to verify the OTP sent to their email during login if Two-Factor Authentication (2FA) is enabled.
1. Verify OTP for Login
Endpoint: api/v1/accounts/verify_login_otp/
Method: POST
Permissions: AllowAny
This endpoint verifies the OTP sent to the user's email. The user must provide the temporary token and OTP received to complete the login.
Request Payload
{
"email": "user@example.com",
"otp": "123456"
}
Request Headers
{
"X-TEMP-TOKEN": "temporary-token-uuid"
}
Response Payload (Success)
{
"token": {
"access": "access-token",
"refresh": "refresh-token"
},
"msg": "Login Success"
}
Response Payload (Error - Invalid Temp Token)
{
"error": "Invalid or expired temporary token."
}
Response Payload (Error - Invalid OTP)
{
"error": "Invalid OTP."
}
Response Payload (Error - OTP Expired)
{
"error": "OTP has expired or is invalid."
}
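
A client for the two-step flow documented above, written as an added example (not the project's own code). It treats any response that does not match a documented shape as a failure. The host in `BASE_URL`, the `read_otp` callback, the injectable `send` parameter and the leading slash on the verification path are assumptions.

```python
import json
import urllib.error
import urllib.request

BASE_URL = "https://api.example.com"  # assumption: placeholder host, not from the page
LOGIN_PATH = "/api/v1/accounts/login/"
VERIFY_PATH = "/api/v1/accounts/verify_login_otp/"  # assumption: leading slash added


def post_json(path, payload, headers=None):
    """POST JSON and return (status, parsed body), including for 4xx replies."""
    req = urllib.request.Request(
        BASE_URL + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


def classify(status, body):
    """Return ('tokens', pair), ('otp_required', temp_token) or ('error', messages)."""
    if not isinstance(body, dict):
        return "error", ["unexpected response"]
    if status == 200 and isinstance(body.get("temp_token"), str):
        return "otp_required", body["temp_token"]
    token = body.get("token")
    if status == 200 and isinstance(token, dict) and token.get("access") and token.get("refresh"):
        return "tokens", token
    # Fail closed: any other shape is an error, never a partial success.
    errors = body.get("errors")
    if isinstance(errors, dict) and errors.get("non_field_errors"):
        return "error", list(errors["non_field_errors"])
    return "error", [str(body.get("error", "unexpected response"))]


def login(email, password, read_otp, remember_me=False, send=post_json):
    """Run the full flow; read_otp is a callable that returns the emailed code."""
    creds = {"email": email, "password": password, "remember_me": remember_me}
    kind, value = classify(*send(LOGIN_PATH, creds))
    if kind != "otp_required":
        return kind, value
    # Second step: the temp token travels in the X-TEMP-TOKEN header, not the body.
    step2 = send(VERIFY_PATH, {"email": email, "otp": read_otp()},
                 {"X-TEMP-TOKEN": value})
    kind, value = classify(*step2)
    # A second temp_token here would be a protocol violation, not a login.
    return ("error", ["unexpected OTP challenge"]) if kind == "otp_required" else (kind, value)
```

Passing a stub as `send` lets the flow be exercised against constructed responses without a live server.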