Authenticate and obtain a JWT

Authenticates an identity and password (plus optional PKI challenge response) and returns a JWT. Store the expiry and renew before it lapses — requests with expired tokens return HTTP 401.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
Body Params

A username/password (and optional challenge response for WebAuthN/PKI auth) and/or TOTP for getting a valid JWT

string
length between 44 and 44

Optional: Needed when identity has a public key or responding to a WebAuthN challenge

string
length between 44 and 44

Optional: Needed when identity has a public key or responding to a WebAuthN challenge

string
length ≤ 200
string
required
length between 3 and 40

Identity/username for authentication

string
length between 6 and 6

Optional: Needed when wanted to impersonate users with otp by a currently authenticated user - the currently authenticated user must contain a position for allowing impersonation. Also required if device fingerprinting is enabled on the tenant and the fingerprint is not enrolled

string
required
length between 3 and 80

Can be pre-hashed with BCRYPT or passed as clear text in which case Eclipse will hash it

scope
array of strings

Optional: Request a deliberately down-scoped JWT for the currently-authenticated identity (self-scoping). Requires an existing Authorization header. The only permitted scope is 'UpdateByTasks', which forces all subsequent mutating requests (POST/PUT/DELETE/PATCH) through the task-submission workflow.

scope
securityQuestionAnswers
array of objects

Optional: Needed if the customer has security questions

securityQuestionAnswers
string
length between 6 and 6

Optional: Needed when identity has MFA enabled. This is the time based OTP for the identity

Responses

400

Bad Request

Language
URL
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json