> ## Documentation Index
> Fetch the complete documentation index at: https://docs.wokelo.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Login

> Obtain a JSON Web Token (JWT) for subsequent API authentication

All API requests must be authenticated using a JWT token. Follow the steps below to generate your token:

## Overview

Obtain a JSON Web Token (JWT) ffor subsequent API authentication

## Endpoint Details

* **Method:** POST
* **Endpoint:** `/auth/token/`

## Request

### Request Parameters

Submit the following parameters as form-data in the request body:

<ParamField body="client_id" type="string" required>
  Unique identifier for your organization, obtained from the [API Credentials page](https://app.wokelo.ai/dashboard/profile/api-credentials)
</ParamField>

<ParamField body="client_secret" type="string" required>
  Secret key for your organization, obtained from the [API Credentials page](https://app.wokelo.ai/dashboard/profile/api-credentials)
</ParamField>

<ParamField body="username" type="string" required>
  Your email address used for Wokelo login
</ParamField>

<ParamField body="password" type="string" required>
  Your account password used for Wokelo login
</ParamField>

<ParamField body="grant_type" type="string" required>
  Type of grant being requested (use `"password"` for credential-based authentication)
</ParamField>

## Response

### Response Fields

On successful authentication (HTTP 200), the response will contain:

<ResponseField name="access_token" type="string">
  JWT for authenticated API access
</ResponseField>

<ResponseField name="expires_in" type="integer">
  Token validity duration in seconds
</ResponseField>

<ResponseField name="token_type" type="string">
  Type of authentication token
</ResponseField>

<ResponseField name="scope" type="string">
  Authorization scope of the token
</ResponseField>

<ResponseField name="refresh_token" type="string">
  Token used to obtain a new access token
</ResponseField>

* Ensure the `client_id` and `client_secret` are kept confidential
* Any token returned by the API is sensitive and should be stored securely. Wokelo tokens are long-lasting and should never be exposed on the client side.
* The access token is time-limited; use the refresh token to obtain a new access token when it expires
* Use HTTPS for all authentication requests

<ResponseExample>
  ```json 200 theme={"system"}
  {
      "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
      "expires_in": 2628288,
      "token_type": "Bearer",
      "scope": "read write",
      "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
  ```
</ResponseExample>
