Login

Gets the API key of a user given the username and password via HTTP Basic Authentication.

Passwords are stored in the Conjur database using bcrypt with a work factor of 12. Therefore, login is a fairly expensive operation. However, once the API key is obtained, it may be used to inexpensively obtain access tokens by calling the Authenticate method. An access token is required to use most other parts of the Conjur API.

Your HTTP/REST client probably provides HTTP basic authentication support. For example, curl and all of the Conjur client libraries provide this.

Machine roles (Hosts) do not have passwords and do not need to login.

URI

GET /authn/{account}/login

Example with curl

Suppose your account is “myorg” and you want to get the API key for user “alice” whose password is “Mypassw0rD1!”:

Use this sample query to get the API key for a user whose password is “Mypassw0rD1!”:

curl --user alice:Mypassw0rD1\! \
     https://eval.conjur.org/authn/myorg/login

Headers

Field	Description	Example
Authorization	HTTP Basic Auth	Basic YWxpY2U6c2VjcmV0

Response

Code	Description
200	The response body is the API key.
401	The credentials were not accepted.

Example URI

GET /authn/myorg/login

URI Parameters

Parameter	Type	Mandatory	Description
account	String	Yes	Organization account name. Example: `myorg`

Parameter

Type

Mandatory

Description

account

String

Yes

Organization account name.

Example: myorg

Request

Headers

Authorization: Basic YWxpY2U6c2VjcmV0

Response 200

Headers

Content-Type: text/plain; charset=utf-8

Body

14m9cf91wfsesv1kkhevg12cdywm2wvqy6s8sk53z1ngtazp1t9tykc