Skip to main content

POST /login

Sign in and issue a server-held token

Performs a real SRP login as the user against the kS, issues a per-user TE token stored server-side, and returns an opaque sessionId. The password is used only for the login and is then discarded; the token never leaves the gateway.

Authentication

No authentication required.

Request

FieldTypeRequiredDescription
userstringyeskS username.
passwordstringyeskS password (used only to SRP-login; discarded after the token is issued).

Example

{
"user": "alice",
"password": "********"
}

Responses

200

Logged in; session created.

FieldTypeRequiredDescription
sessionIdstringyesOpaque session id. Echo it back in X-Session on authenticated calls.
userstringyes
systemIdintegeryeskS system identifier for the principal. (Judgment call: documented as a numeric engine system id; serialized verbatim by the gateway.)
principalIdstringyesPrincipal identifier, hex-encoded (16 hex chars).
hasTokenbooleanyesTrue when a TE token was issued and stored server-side for this session.

Example

{
"sessionId": "9f3c1ab7d2e4...48hex",
"user": "alice",
"systemId": 1001,
"principalId": "a1b2c3d4e5f60718",
"hasToken": true
}

400

Validation error: missing fields, invalid JSON, or body > 1 MB.

401

Wrong credential (WRONG_CREDENTIAL / credential / empty data).

502

Login failed for a non-credential reason (kS unreachable).

Error handling

This endpoint can return the statuses below. For request bodies and the client action per status, see the full error contract.

StatusMeaning
400Validation error: missing fields, invalid JSON, or body > 1 MB.
401Wrong credential (WRONG_CREDENTIAL / credential / empty data).
502Login failed for a non-credential reason (kS unreachable).