> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vouchmark.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Log in

> Authenticate with email and password and start a session.

Authenticates a user and starts a session by setting httpOnly auth cookies. Public endpoint, rate-limited to 50 requests per 15 minutes per IP.

## Body

<ParamField body="email" type="string" required />

<ParamField body="password" type="string" required />

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST https://api.vouchmark.com/v1/login \
    -H "Content-Type: application/json" \
    -d '{"email":"ada@example.com","password":"L0ng-Random-Pass!"}'
  ```
</RequestExample>

<ResponseExample>
  ```json theme={null}
  {
    "success": true,
    "message": "Login Successful",
    "data": {
      "userId": "usr_aBcD..."
    }
  }
  ```
</ResponseExample>

On success the response sets two httpOnly cookies — `token` (the access token) and `refreshToken` — plus a non-httpOnly `vm_session` hint cookie. The tokens are **not** included in the JSON body. For server-to-server calls, read the value of the `token` cookie and send it as `Authorization: Bearer <token>` on subsequent requests.

If the account exists but its email is not yet verified, the request returns `403` and a fresh verification code is emailed:

```json theme={null}
{
  "success": false,
  "error": "Email not verified",
  "message": "Please verify your email before logging in. A new verification code has been sent to your email.",
  "data": {
    "requiresVerification": true,
    "userId": "usr_aBcD..."
  }
}
```
