Login

Gets the API key of a user given the username and password via HTTP Basic Authentication.

Passwords are stored in the Conjur database using bcrypt with a work factor of 12. Therefore, login is a fairly expensive operation. However, once the API key is obtained, it may be used to inexpensively obtain access tokens by calling the Authenticate method. An access token is required to use most other parts of the Conjur API.

Your HTTP/REST client probably provides HTTP basic authentication support. For example, curl and all of the Conjur client libraries provide this.

 

Machine roles (Hosts) do not have passwords and do not need to login.

URI

 
GET /authn/{account}/login

Example with curl

Suppose your account is “myorg” and you want to get the API key for user “alice” whose password is “Mypassw0rD1!”:

 
curl --user alice:Mypassw0rD1\! \
     https://eval.conjur.org/authn/myorg/login

Headers

Field

Description

Example

Authorization

HTTP Basic Auth

Basic YWxpY2U6c2VjcmV0

Response

Code

Description

200

The response body is the API key.

401

The credentials were not accepted.

Example URI

 
GET /authn/myorg/login

URI Parameters

Parameter

Type

Mandatory

Description

account

String

Yes

Organization account name

Example: myorg

Request

Headers

 
Authorization: Basic YWxpY2U6c2VjcmV0

Response  200

Headers

 
Content-Type: text/plain; charset=utf-8

Body

 
14m9cf91wfsesv1kkhevg12cdywm2wvqy6s8sk53z1ngtazp1t9tykc