curl --request POST \
  --url https://core.cyberun.cloud/api/v1/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email_address": "alice@example.com",
  "user_password": "P@ssw0rd123"
}
'

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_in": 3600
}

Auth

Login with email and password

Authenticates the user and returns a JWT access token and refresh token. The access token is short-lived (default 1 hour); use the refresh endpoint to obtain new tokens.

All failure modes — unknown email, wrong password, unverified email, disabled account — return the same 401 invalid email or password. The endpoint also runs a constant-time bcrypt against a dummy hash for unknown emails so the response time does not reveal whether the email exists.

POST

auth

curl --request POST \
  --url https://core.cyberun.cloud/api/v1/auth/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email_address": "alice@example.com",
  "user_password": "P@ssw0rd123"
}
'

{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_in": 3600
}

Body

application/json

email_address

string<email>

required

Registered email address.

Example:

"alice@example.com"

user_password

string

required

Account password.

Example:

"P@ssw0rd123"

Response

access_token

string

required

Short-lived JWT for authenticating API requests (sent in Authorization Bearer header).

Example:

"eyJhbGciOiJIUzI1NiIs..."

refresh_token

string

required

Long-lived JWT used to obtain new access/refresh token pairs.

Example:

"eyJhbGciOiJIUzI1NiIs..."

expires_in

integer

required

Access token lifetime in seconds (e.g. 3600 = 1 hour).

Example:

3600

⌘I

Documentation Index

Body

Response