Authentication
Get a bearer token
Exchange a customer email and password for a bearer token used to authenticate all subsequent API requests.
Exchanges a customer’s email address and password for a short-lived bearer token and a refresh token. Every authenticated API call in the Members Portal uses the access_token returned here as a Bearer credential. Pass totp when the customer has two-factor authentication enabled; omitting it when 2FA is active returns a two_factor_auth_check error.
Unlike most Nexudus API endpoints, this request must be encoded as application/x-www-form-urlencoded, not application/json. Sending a JSON body will result in an unsupported_grant_type error.
Authentication
No authentication required. This is the endpoint that issues credentials.
Request Body
Grant flow to use. Must be password for email/password authentication.
The customer’s email address.
The customer’s password.
Time-based One-Time Password for two-factor authentication. Required when the customer has 2FA enabled; omit otherwise.
Headers
A unique identifier for the client application or integration. If omitted, this defaults to the customer’s email address, which you must then use as the client_id when refreshing the token.
Response
Bearer token to include in the Authorization header of all subsequent authenticated requests.
Token scheme. Always bearer.
Lifetime of the access token in seconds.
Token used to obtain a new access_token after it expires, without requiring the customer to re-enter their password.
Examples
Successful sign-in
Sign-in with client identifier
Providing a client_id is optional. If you provide one, you must use the same value when refreshing the token. If omitted, the customer’s email address is used as the client_id, which you must then pass to the refresh endpoint.
Sign-in with two-factor authentication
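The request encoding, the client_id rule and the error handling described on this page, as an added TypeScript example (not the portal's own code). The form field names `username` and `password`, the `client_id` header name and the `error` field of an error body are assumptions; this page does not give them.

```typescript
// Added example. Assumed, not from the page: form fields `username` and `password`,
// the `client_id` header name, and the `error` field of an error body.
interface Credentials { email: string; password: string; totp?: string; clientId?: string }
interface TokenRequest { method: string; path: string; headers: Record<string, string>; body: string }
type SignInStep =
  | { kind: "need_totp" }
  | { kind: "bad_encoding" }
  | { kind: "rejected"; code: string };

// Percent-encode every name and value so characters such as & = + in a
// password cannot split or alter the form body.
function formEncode(pairs: Array<[string, string]>): string {
  return pairs
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join("&");
}

function buildTokenRequest(c: Credentials): TokenRequest {
  const pairs: Array<[string, string]> = [
    ["grant_type", "password"],
    ["username", c.email],    // assumed field name
    ["password", c.password], // assumed field name
  ];
  // Send totp only when the customer supplied a code; omit it otherwise.
  if (c.totp) pairs.push(["totp", c.totp]);
  const headers: Record<string, string> = {
    "Content-Type": "application/x-www-form-urlencoded", // a JSON body is rejected
  };
  if (c.clientId) headers["client_id"] = c.clientId; // assumed header name
  return { method: "POST", path: "/api/token", headers, body: formEncode(pairs) };
}

// client_id to present when refreshing: the value sent at sign-in, or the
// customer's email address when none was sent.
function refreshClientId(c: Credentials): string {
  return c.clientId ?? c.email;
}

// Map an error body to the next sign-in step. error_description is never
// returned or logged here: in the password-reset case it carries a reset token.
function nextStep(err: { error: string; error_description?: string }): SignInStep {
  if (err.error === "two_factor_auth_check") return { kind: "need_totp" };
  if (err.error === "unsupported_grant_type") return { kind: "bad_encoding" };
  return { kind: "rejected", code: err.error };
}
```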
TypeScript Integration
Usage in Portal
| Context | Source file |
|---|---|
| Sign-in page (/signin) | src/views/auth/SignIn/useSignIn.ts |
Error Responses
The grant_type field is missing or the body was not encoded as application/x-www-form-urlencoded.
Credentials are incorrect, the customer is not registered with this location, or the account has been suspended. The error_description field contains a human-readable reason.
The customer has 2FA enabled but totp was not supplied or the supplied code is invalid. Prompt the customer for their one-time code and retry.
The customer is required to reset their password before signing in. The error_description field contains a password-reset token to pass to the reset-password flow.
Related Endpoints
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/token | (this endpoint) Exchange credentials for a bearer token |
| GET | /api/public/billing/customer | Retrieve the authenticated customer’s profile |
| GET | /api/public/teams/my | List teams the authenticated customer belongs to |