Login
Authenticate a user and obtain a JWT token for subsequent API requests.
POST
/apidev/v1/loginPermissionNone (public)
Rate Limit5 req/30s per account
CacheNone
Overview
Authenticates a user by email and password and returns a signed JWT token valid for 1 hour. This is a public endpoint — no JWT or API Key required, only the tenant header.
For the full dual-auth model (JWT + API Key) and how to use the token on protected endpoints, see Authentication.
Request
Headers
| Header | Type | Required | Description |
|---|---|---|---|
tenant | string | Yes | Your tenant domain (e.g. yourcompany.geotareas.com) |
Content-Type | string | Yes | Must be application/json |
Body Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
email | string | Yes | User email address |
password | string | Yes | User password |
Code Examples
- cURL
- JavaScript
- Python
- PHP
- C#
curl -X POST "https://$TENANT/apidev/v1/login" \
-H "tenant: $TENANT" \
-H "Content-Type: application/json" \
-d '{
"email": "dev@company.com",
"password": "your_password"
}'
const TENANT = "yourcompany.geotareas.com";
const response = await fetch(`https://${TENANT}/apidev/v1/login`, {
method: "POST",
headers: {
"tenant": TENANT,
"Content-Type": "application/json",
},
body: JSON.stringify({
email: "dev@company.com",
password: "your_password",
}),
});
const result = await response.json();
const token = result.data.authorization;
import requests
TENANT = "yourcompany.geotareas.com"
response = requests.post(
f"https://{TENANT}/apidev/v1/login",
headers={
"tenant": TENANT,
"Content-Type": "application/json",
},
json={
"email": "dev@company.com",
"password": "your_password",
},
)
result = response.json()
token = result["data"]["authorization"]
<?php
$tenant = "yourcompany.geotareas.com";
$ch = curl_init("https://{$tenant}/apidev/v1/login");
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_POST => true,
CURLOPT_HTTPHEADER => [
"tenant: {$tenant}",
"Content-Type: application/json",
],
CURLOPT_POSTFIELDS => json_encode([
"email" => "dev@company.com",
"password" => "your_password",
]),
]);
$response = curl_exec($ch);
curl_close($ch);
$result = json_decode($response, true);
$token = $result["data"]["authorization"];
using System.Net.Http;
using System.Text;
using System.Text.Json;
var tenant = "yourcompany.geotareas.com";
using var client = new HttpClient();
client.DefaultRequestHeaders.Add("tenant", tenant);
var payload = JsonSerializer.Serialize(new
{
email = "dev@company.com",
password = "your_password"
});
var content = new StringContent(payload, Encoding.UTF8, "application/json");
var response = await client.PostAsync(
$"https://{tenant}/apidev/v1/login", content);
var json = await response.Content.ReadAsStringAsync();
using var doc = JsonDocument.Parse(json);
var token = doc.RootElement
.GetProperty("data")
.GetProperty("authorization")
.GetString();
Response
Success — 200 OK
| Field | Type | Description |
|---|---|---|
success | boolean | Always true on success |
data.authorization | string | Signed JWT token, valid for 1 hour |
meta | object | Empty object |
{
"success": true,
"data": {
"authorization": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
},
"meta": {}
}
Errors
| HTTP Code | Error Code | Cause |
|---|---|---|
400 | BAD_REQUEST | Missing tenant header |
400 | VALIDATION_ERROR | Missing or malformed body (e.g. invalid email format, missing password) |
401 | UNAUTHORIZED | Invalid email or password |
429 | RATE_LIMITED | 5+ failed attempts in 30s — account blocked for 60 seconds |
{
"success": false,
"data": null,
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid email or password."
}
}
Next steps
Once you have the token, attach it alongside your API Key and tenant header on every request. See Using the Token for the exact headers required.