User Login API
Authenticate users and receive access tokens for secure API interactions
Authenticate users by providing email and password credentials. Returns a secure JWT access token for subsequent API requests.
Secure JWT Tokens
Industry-standard JSON Web Tokens with configurable expiration times.
Fast Authentication
Sub-50ms response times for seamless user experiences.
Rate Protected
Built-in brute force protection with intelligent rate limiting.
Endpoint Overview
/graphql
Authenticate users by providing email and password credentials. Returns an access token for subsequent authenticated requests.
Request Parameters
email (String!, Required): The email address associated with the user's account. Must be a valid email format.
password (String!, Required): The password corresponding to the provided email address. Passwords are never logged or stored in plain text.
GraphQL Mutation
mutation login($email: String!, $password: String!) {
  login(email: $email, password: $password) {
    accessToken
  }
}
Variables:
{
  "email": "user@example.com",
  "password": "your_secure_password"
}
HTTP Request:
curl -X POST https://api.orbnet.com/graphql \
  -H "Content-Type: application/json" \
  -d '{
    "query": "mutation login($email: String!, $password: String!) { login(email: $email, password: $password) { accessToken } }",
    "variables": {
      "email": "user@example.com",
      "password": "your_secure_password"
    }
  }'
Response
{
  "data": {
    "login": {
      "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
    }
  }
}
{
  "errors": [
    {
      "message": "Invalid email or password",
      "path": ["login"],
      "extensions": {
        "code": "AUTHENTICATION_ERROR"
      }
    }
  ],
  "data": null
}
{
  "errors": [
    {
      "message": "Too many login attempts. Please try again later.",
      "path": ["login"],
      "extensions": {
        "code": "RATE_LIMITED",
        "retryAfter": 300
      }
    }
  ],
  "data": null
}
{
  "errors": [
    {
      "message": "Please verify your email address before logging in",
      "path": ["login"],
      "extensions": {
        "code": "EMAIL_NOT_VERIFIED"
      }
    }
  ],
  "data": null
}
Using the Access Token
Once you receive the access token, include it in the Authorization header for all authenticated requests:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Example Authenticated Request:
curl -X POST https://api.orbnet.com/graphql \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -d '{
    "query": "query { me { id email name } }"
  }'
Best Practices
Secure Token Storage
Store access tokens in HTTP-only cookies or secure storage. Never expose tokens in client-side JavaScript or URLs.
Handle Token Expiry
Access tokens expire after 24 hours. Implement automatic refresh logic to maintain seamless user sessions.
Implement Retry Logic
On 429 errors, respect the retryAfter value. Use exponential backoff for transient failures.
Validate Before Sending
Validate email format and password requirements client-side before making API calls to reduce errors.
Error Handling
AUTHENTICATION_ERROR
Invalid email or password. Prompt user to check credentials and try again.
RATE_LIMITED
Too many attempts. Wait for the specified retryAfter period before retrying.
EMAIL_NOT_VERIFIED
The account exists but the email address has not been verified. Redirect to verification flow.
ACCOUNT_LOCKED
The account is temporarily locked for security reasons. Contact support or wait.
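
The retry and expiry guidance under Best Practices and the error codes listed above can be handled in one place on the client. The following is an added example, not code from this API's provider: the function names, the action labels and the 60-second fallback wait are assumptions, and the token payload is decoded without signature verification purely to schedule a refresh.

```python
import base64
import json

TOKEN_TTL = 24 * 60 * 60        # page: access tokens expire after 24 hours
DEFAULT_WAIT = 60               # assumption: used only if retryAfter is missing

def classify_login_response(body):
    """Map a login response body to an (action, detail) pair for the caller."""
    errors = body.get("errors") or []
    if not errors:
        login = (body.get("data") or {}).get("login") or {}
        token = login.get("accessToken")
        return ("authenticated", token) if token else ("malformed", None)
    ext = errors[0].get("extensions") or {}
    code = ext.get("code")
    if code == "RATE_LIMITED":
        # Wait out the server-supplied window before any further attempt.
        return ("wait", int(ext.get("retryAfter", DEFAULT_WAIT)))
    if code == "AUTHENTICATION_ERROR":
        # Never auto-retry bad credentials: repeats feed the login rate limit.
        return ("reprompt", None)
    if code == "EMAIL_NOT_VERIFIED":
        return ("verify_email", None)
    if code == "ACCOUNT_LOCKED":
        return ("locked", None)
    return ("unknown_error", code)

def refresh_deadline(token, received_at):
    """Unix time by which to refresh the token.

    Decodes the payload WITHOUT verifying the signature, so the result is a
    scheduling hint only; the server remains the authority on validity.
    """
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)          # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if "exp" in claims:
        return int(claims["exp"])
    return int(claims.get("iat", received_at)) + TOKEN_TTL

if __name__ == "__main__":
    # Constructed input, copied from the rate-limited response shown on this page.
    sample = {"errors": [{"message": "Too many login attempts. Please try again later.",
                          "path": ["login"],
                          "extensions": {"code": "RATE_LIMITED", "retryAfter": 300}}],
              "data": None}
    print(classify_login_response(sample))
```

The sample token in the response above carries an iat claim but no exp claim, which is the case the 24-hour fallback covers.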
Need Help?
If you're experiencing authentication issues, check our troubleshooting guide or contact developer support.
Ready to Integrate?
Start authenticating users in your application with our secure login API. Check out the getting started guide for complete integration examples.