Skip to main content
POST
/
v1
/
login
curl -X POST https://api.vouchmark.com/v1/login \
  -H "Content-Type: application/json" \
  -d '{"email":"ada@example.com","password":"L0ng-Random-Pass!"}'
{
  "success": true,
  "message": "Login Successful",
  "data": {
    "userId": "usr_aBcD..."
  }
}
Authenticates a user and starts a session by setting httpOnly auth cookies. Public endpoint, rate-limited to 50 requests per 15 minutes per IP.

Body

email
string
required
password
string
required
curl -X POST https://api.vouchmark.com/v1/login \
  -H "Content-Type: application/json" \
  -d '{"email":"ada@example.com","password":"L0ng-Random-Pass!"}'
{
  "success": true,
  "message": "Login Successful",
  "data": {
    "userId": "usr_aBcD..."
  }
}
On success the response sets two httpOnly cookies — token (the access token) and refreshToken — plus a non-httpOnly vm_session hint cookie. The tokens are not included in the JSON body. For server-to-server calls, read the value of the token cookie and send it as Authorization: Bearer <token> on subsequent requests. If the account exists but its email is not yet verified, the request returns 403 and a fresh verification code is emailed:
{
  "success": false,
  "error": "Email not verified",
  "message": "Please verify your email before logging in. A new verification code has been sent to your email.",
  "data": {
    "requiresVerification": true,
    "userId": "usr_aBcD..."
  }
}