signInEmailPassword

curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/signin/email-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "[email protected]",
  "password": "Str0ngPassw#ord-94|%"
}
'

{
  "session": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "accessTokenExpiresIn": 900,
    "refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "user": {
      "avatarUrl": "https://myapp.com/avatars/user123.jpg",
      "createdAt": "2023-01-15T12:34:56Z",
      "defaultRole": "user",
      "displayName": "John Smith",
      "emailVerified": true,
      "id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
      "isAnonymous": false,
      "locale": "en",
      "metadata": {
        "firstName": "John",
        "lastName": "Smith"
      },
      "phoneNumberVerified": false,
      "roles": [
        "user",
        "customer"
      ],
      "email": "[email protected]",
      "phoneNumber": "+12025550123",
      "activeMfaType": "<string>"
    }
  },
  "mfa": {
    "ticket": "mfaTotp:abc123def456"
  }
}

POST

signin

email-password

curl --request POST \
  --url https://{subdomain}.auth.{region}.nhost.run/v1/signin/email-password \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "[email protected]",
  "password": "Str0ngPassw#ord-94|%"
}
'

{
  "session": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "accessTokenExpiresIn": 900,
    "refreshTokenId": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "refreshToken": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
    "user": {
      "avatarUrl": "https://myapp.com/avatars/user123.jpg",
      "createdAt": "2023-01-15T12:34:56Z",
      "defaultRole": "user",
      "displayName": "John Smith",
      "emailVerified": true,
      "id": "2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24",
      "isAnonymous": false,
      "locale": "en",
      "metadata": {
        "firstName": "John",
        "lastName": "Smith"
      },
      "phoneNumberVerified": false,
      "roles": [
        "user",
        "customer"
      ],
      "email": "[email protected]",
      "phoneNumber": "+12025550123",
      "activeMfaType": "<string>"
    }
  },
  "mfa": {
    "ticket": "mfaTotp:abc123def456"
  }
}

Body

application/json

User credentials for email and password authentication

Request to authenticate using email and password

string<email>

required

User's email address

Example:

"[email protected]"

password

string

required

User's password

Required string length: 3 - 50

Example:

"Str0ngPassw#ord-94|%"

Response

Authentication successful. If MFA is enabled, a challenge will be returned instead of a session.

Response for email-password authentication that may include a session or MFA challenge

session

object

User authentication session containing tokens and user information

Show child attributes

session.accessToken

string

required

JWT token for authenticating API requests

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

session.accessTokenExpiresIn

integer<int64>

required

Expiration time of the access token in seconds

Example:

900

session.refreshTokenId

string

required

Identifier for the refresh token

Example:

"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"

session.refreshToken

string

required

Token used to refresh the access token

Example:

"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"

session.user

object

User profile and account information

Show child attributes

session.user.avatarUrl

string

required

URL to the user's profile picture

Example:

"https://myapp.com/avatars/user123.jpg"

session.user.createdAt

string<date-time>

required

Timestamp when the user account was created

Example:

"2023-01-15T12:34:56Z"

session.user.defaultRole

string

required

Default authorization role for the user

Example:

"user"

session.user.displayName

string

required

User's display name

Example:

"John Smith"

session.user.emailVerified

boolean

required

Whether the user's email has been verified

Example:

true

session.user.id

string

required

Unique identifier for the user

Example:

"2c35b6f3-c4b9-48e3-978a-d4d0f1d42e24"

session.user.isAnonymous

boolean

required

Whether this is an anonymous user account

Example:

false

session.user.locale

string

required

User's preferred locale (language code)

Required string length: 2

Example:

"en"

session.user.metadata

object

required

Custom metadata associated with the user

Example:

{ "firstName": "John", "lastName": "Smith" }

session.user.phoneNumberVerified

boolean

required

Whether the user's phone number has been verified

Example:

false

session.user.roles

string[]

required

List of roles assigned to the user

Example:

["user", "customer"]

session.user.email

string<email>

User's email address

Example:

"[email protected]"

session.user.phoneNumber

string

User's phone number

Example:

"+12025550123"

session.user.activeMfaType

string | null

Active MFA type for the user

mfa

object

Challenge payload for multi-factor authentication

Show child attributes

mfa.ticket

string

required

Ticket to use when completing the MFA challenge

Example:

"mfaTotp:abc123def456"

/signin/anonymous /signin/idtoken

⌘I

Backend Services

Client Libraries

Client Libraries (deprecated)

CLI

Body

Response