> ## Documentation Index
> Fetch the complete documentation index at: https://docs.rolearn.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Login

> Authenticate and receive a JWT token

<ParamField body="email" type="string" required>
  Registered email address
</ParamField>

<ParamField body="password" type="string" required>
  Account password
</ParamField>

<RequestExample>
  ```bash theme={null}
  curl -i -X POST https://rolearn.dev/api/auth/login \
    -H "Content-Type: application/json" \
    -d '{"email": "dev@example.com", "password": "securepass123"}'
  ```
</RequestExample>

On success the server sets the `rolearn_access`, `rolearn_refresh`, and
`rolearn_csrf` cookies (see [API Overview → Authentication](/api-reference/overview)).
For non-browser clients the access token is also returned in the JSON body so it
can be used as a `Bearer` credential.

<ResponseExample>
  ```json theme={null}
  {
    "access_token": "eyJhbGciOiJIUzI1NiIs...",
    "token_type": "bearer"
  }
  ```
</ResponseExample>

<Note>
  Web clients should rely on the cookies and ignore the body token. Every later
  `POST`/`PUT`/`DELETE` must echo the `rolearn_csrf` cookie in an `X-CSRF-Token`
  header. Each fresh login bumps the account's token version, invalidating any
  previously issued tokens (single-active-session model).
</Note>