> ## Documentation Index
> Fetch the complete documentation index at: https://docs.4cx.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Log in

> Exchange username and password for a session token.

Exchange your username and password for a session token. Copy the returned `data.user.auth` value and send it as the raw `Authorization` header on subsequent requests (no `Bearer` prefix). The response also sets a signed `auth` cookie, so browser clients are authenticated automatically on the same origin.

## Request

<Card>
  **POST** `https://api.4cx.io/user/login` <Badge color="green">POST</Badge>
</Card>

**Headers:** `Content-Type: application/json` only (no `Authorization`)

<CodeGroup>
  ```json Request theme={null}
  {
    "username": "sample_user",
    "password": "REPLACE_WITH_PASSWORD"
  }
  ```

  ```json Response theme={null}
  {
    "data": {
      "user": {
        "auth": "<128-byte hex token>",
        "id": "65f1a2b3c4d5e6f7a8b9c0d1",
        "username": "sample_user",
        "isAdmin": false,
        "type": "user",
        "playerMode": "cash",
        "cashBalance": 1000.00,
        "coinsBalance": 0,
        "cashLiability": 0,
        "coinsLiability": 0,
        "displayBalance": 1000.00,
        "liability": 0,
        "creditLimit": 0,
        "defaultExpiry": 3600,
        "defaultOffer": null,
        "defaultRotationNumbers": false,
        "displayRotationNumbers": false,
        "oddsFormat": "american",
        "sportsbookDefault": null,
        "idVerified": false,
        "emailConfirmation": false,
        "rollover": 0,
        "isPro": false,
        "isAlphaUser": false,
        "code": null,
        "paynoteID": null,
        "autoRedemptions": false,
        "createdAt": "2024-03-13T12:00:00.000Z"
      }
    }
  }
  ```
</CodeGroup>

The response also sets a signed cookie:

```
Set-Cookie: auth=<token>; HttpOnly; Path=/
```

For server-to-server clients, ignore the cookie and use `data.user.auth` as the raw `Authorization` header value on subsequent requests.
