Skip to main content
POST
/
auth
/
login
Login
curl --request POST \
  --url https://api.example.com/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "<string>",
  "password": "<string>"
}
'
{
  "access_token": "<string>",
  "token_type": "<string>",
  "user": {
    "id": 123,
    "name": "<string>",
    "email": "<string>"
  }
}
Authenticate with existing credentials and receive an access token.

Endpoint

POST /auth/login

Request Body

email
string
required
The user’s registered email address. Maximum 255 characters.Example: "john.doe@example.com"
password
string
required
The user’s password. Must be at least 8 characters.Example: "SecurePass123"

Response

access_token
string
JWT access token for authentication. Include this in the Authorization header for subsequent requests.Example: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsImV4cCI6MTcwOTU1MTIwMH0.abc123"
token_type
string
The type of token. Always returns "bearer".
user
object
The authenticated user object.

Example Request

cURL
curl -X POST "https://api.smarteat.ai/auth/login" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john.doe@example.com",
    "password": "SecurePass123"
  }'
JavaScript
const response = await fetch('https://api.smarteat.ai/auth/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    email: 'john.doe@example.com',
    password: 'SecurePass123'
  })
});

const data = await response.json();
console.log(data.access_token);

// Store the token for subsequent requests
localStorage.setItem('access_token', data.access_token);
Python
import requests

response = requests.post(
    'https://api.smarteat.ai/auth/login',
    json={
        'email': 'john.doe@example.com',
        'password': 'SecurePass123'
    }
)

data = response.json()
print(data['access_token'])

# Store the token for subsequent requests
access_token = data['access_token']

Example Response

200 OK
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJqb2huLmRvZUBleGFtcGxlLmNvbSIsImV4cCI6MTcwOTU1MTIwMH0.abc123def456",
  "token_type": "bearer",
  "user": {
    "id": 1,
    "name": "John Doe",
    "email": "john.doe@example.com"
  }
}

Error Responses

401 Unauthorized - Invalid Credentials
{
  "detail": "Invalid email or password"
}
422 Unprocessable Entity - Missing Fields
{
  "detail": [
    {
      "type": "missing",
      "loc": ["body", "email"],
      "msg": "Field required",
      "input": {"password": "SecurePass123"}
    }
  ]
}
422 Unprocessable Entity - Invalid Email Format
{
  "detail": [
    {
      "type": "value_error",
      "loc": ["body", "email"],
      "msg": "value is not a valid email address",
      "input": "not-an-email"
    }
  ]
}
500 Internal Server Error
{
  "detail": "Error during authentication"
}

Using the Access Token

After successful login, use the returned access token in the Authorization header for authenticated requests: 
curl -X GET "https://api.smarteat.ai/auth/me" \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Token Expiration

Access tokens expire after 3000 minutes (50 hours). When a token expires, you will receive a 401 Unauthorized response and must login again to obtain a new token.

Security Considerations

Always use HTTPS when transmitting credentials and tokens.
  • Never store passwords in plain text
  • Use secure storage for access tokens (e.g., HTTP-only cookies, encrypted storage)
  • Implement proper error handling to avoid leaking information
  • Email addresses are case-insensitive (automatically converted to lowercase)
  • Failed login attempts should not reveal whether the email exists

Notes

  • Email addresses are automatically converted to lowercase and trimmed
  • The same token format is used for both registration and login
  • Both email and password must match exactly for authentication to succeed
  • The response includes the full user object for convenience