Skip to main content
POST
/
v1
/
programmatic
/
login
Login
curl --request POST \
  --url https://auth.contra.id/v1/programmatic/login
You don’t need this for verification calls — those use the long-lived api_key. You need it to manage your account later (rotate keys, create new applications).

Request

curl -X POST https://auth.contra.id/v1/programmatic/login \
  -H "Content-Type: application/json" \
  -d '{
    "email":    "you@yourco.com",
    "password": "MyStr0ng!Pass"
  }'

Response · 200

{
  "access_token":  "eyJ…",
  "refresh_token": "eyJ…",
  "expires_in":    86400
}

Lockout

Progressive lockout protects against brute force:
Consecutive failuresLockout
515 minutes
101 hour
2024 hours