Login
POST/api/v1/auth/login
User login endpoint. Returns JWT access and refresh tokens, and sets HttpOnly cookies.
Rate limited: 60/min per IP, 15/min per email. Per-email limit raised from 5/m (Issue #67) to 15/m (Issue #242) to reduce false lockouts from mobile retries on flaky networks, typos, and app restarts. IP limit remains the primary abuse deterrent.
Request
Responses
- 200
- 400
- 401
- 403
- 404
- 422
- 429
OK
Bad Request
Unauthorized
Forbidden
Not Found
Validation Error
Too Many Requests