POST /api/auth/login
email (string, required): Registered email address
password (string, required): Account password
curl -i -X POST https://rolearn.dev/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "dev@example.com", "password": "securepass123"}'
On success the server sets the rolearn_access, rolearn_refresh, and rolearn_csrf cookies (see API Overview → Authentication). For non-browser clients the access token is also returned in the JSON body so it can be used as a Bearer credential.
{
  "access_token": "eyJhbGciOiJIUzI1NiIs...",
  "token_type": "bearer"
}
Web clients should rely on the cookies and ignore the body token. Every later POST/PUT/DELETE must echo the rolearn_csrf cookie in an X-CSRF-Token header. Each fresh login bumps the account’s token version, invalidating any previously issued tokens (single-active-session model).
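The cookie flow described above, as an added shell example that is not part of the rolearn documentation: it logs in with a curl cookie jar, reads rolearn_csrf back out of the jar, and echoes it in X-CSRF-Token on a later request. The function names, the jar and body-file arguments, and the sample jar contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not rolearn's own code. BASE comes from the page's curl call.
BASE="https://rolearn.dev"

# Print a cookie's value from a curl (Netscape-format) cookie jar.
# curl marks HttpOnly cookies with a "#HttpOnly_" prefix on the domain field;
# those lines are data, not comments, so strip the prefix before filtering.
cookie_from_jar() {   # usage: cookie_from_jar JAR NAME
  awk -F'\t' -v n="$2" '
    { sub(/^#HttpOnly_/, "") }
    /^#/ || NF != 7 { next }
    $6 == n { v = $7 }
    END { if (v == "") exit 1; print v }
  ' "$1"
}

# Log in with a JSON body read from a file, so the password never appears in
# argv or shell history. The jar holds session tokens: create it owner-only.
login() {   # usage: login JAR BODY_FILE
  ( umask 077
    curl -sS -f -o /dev/null -c "$1" -X POST "$BASE/api/auth/login" \
      -H "Content-Type: application/json" --data-binary @"$2" )
}

# Send a state-changing request: cookies from the jar plus the rolearn_csrf
# value echoed in X-CSRF-Token. Fails closed if the jar has no CSRF cookie.
csrf_request() {   # usage: csrf_request JAR METHOD PATH [extra curl args...]
  rq_jar=$1; rq_method=$2; rq_path=$3; shift 3
  rq_token=$(cookie_from_jar "$rq_jar" rolearn_csrf) || {
    echo "no rolearn_csrf cookie in $rq_jar; log in again" >&2
    return 1
  }
  curl -sS -f -b "$rq_jar" -c "$rq_jar" -X "$rq_method" "$BASE$rq_path" \
    -H "X-CSRF-Token: $rq_token" "$@"
}

# Constructed sample jar in the layout curl -c writes (all values made up;
# marking rolearn_access HttpOnly is an assumption for illustration).
write_sample_jar() {   # usage: write_sample_jar JAR
  {
    printf '# Netscape HTTP Cookie File\n'
    printf '#HttpOnly_rolearn.dev\tFALSE\t/\tTRUE\t0\trolearn_access\tconstructed.access.value\n'
    printf 'rolearn.dev\tFALSE\t/\tTRUE\t0\trolearn_csrf\tconstructed-csrf-123\n'
  } > "$1"
}
```

PATH in csrf_request is whichever state-changing endpoint you call; none is named on this page. Because each fresh login invalidates earlier tokens, scripts that share an account should share one jar rather than each logging in separately.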