Since Kuzzle 1.0.0

URL: http://kuzzle:7512/_login/<strategy>[?expiresIn=<expiresIn>]
Method: POST

{
  // set of parameters depending on the chosen strategy. Example for "local" strategy:
  "username": "<username>",
  "password": "<password>"
}


{
  "controller": "auth",
  "action": "login",
  "strategy": "<strategy>",
  "expiresIn": "<expiresIn>",

  "body": {
    "username": "<username>",
    "password": "<password>"
  }
}


{
  "status": 200,
  "error": null,
  "controller": "auth",
  "action": "login",
  "requestId": "<unique request identifier>",
  "volatile": {},
  "result": {
    "_id": "<kuid>", // The kuzzle user identifier
    "jwt": "<JWT encrypted token>",
    "expiresAt": 1321085955000,
    "ttl": 360000
  }
}

Authenticates a user.


strategy (required)

Type: string

The name of the authentication strategy used to log the user in.

expiresIn (optional)

Type: string or integer
Default: depends on Kuzzle configuration file

  • if a raw number is provided (not enclosed in quotes), the expiration delay is in milliseconds
  • if the value is a string, its content is parsed by the ms library

Examples: "6d", "10h", 86400000

Other arguments

Depending on the chosen authentication strategy, additional credential arguments may be required.
The API request example on this page provides the necessary arguments for the local authentication plugin.

Check the appropriate authentication plugin documentation to get the list of additional arguments to provide.


The _login action returns the following:

  • _id: user's kuid
  • jwt: encrypted JSON Web Token, which must then be sent in the request headers
  • expiresAt: token expiration date, in Epoch-millis (UTC)
  • ttl: token time to live, in milliseconds
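
The following is an added example, not code from the Kuzzle documentation or project: a client-side wrapper that builds the HTTP login request described above, limits the requested token lifetime, and validates the response before the token is used. The function names, the maxTtlMs policy limit, the short-unit duration parser (a stand-in for the ms library) and the "Authorization: Bearer" header format are assumptions of this example.

```javascript
'use strict';

// Short unit suffixes only: a conservative stand-in for the "ms" library.
const UNIT_MS = { ms: 1, s: 1000, m: 60000, h: 3600000, d: 86400000 };

// Convert an expiresIn value to milliseconds using the rules on this page:
// a raw number is milliseconds, a string is a duration such as "6d" or "10h".
function expiresInToMs(expiresIn) {
  if (typeof expiresIn === 'number') {
    if (!Number.isInteger(expiresIn) || expiresIn <= 0) throw new TypeError('bad expiresIn');
    return expiresIn;
  }
  const m = /^(\d+)(ms|s|m|h|d)$/.exec(String(expiresIn));
  if (!m) throw new TypeError('bad expiresIn');
  return Number(m[1]) * UNIT_MS[m[2]];
}

// Build the HTTP login request. Credentials go in the JSON body, never the URL.
// maxTtlMs is a hypothetical client-side policy limit, not a Kuzzle setting.
function buildLoginRequest(baseUrl, strategy, credentials, expiresIn, maxTtlMs) {
  const url = new URL(`/_login/${encodeURIComponent(strategy)}`, baseUrl);
  if (expiresIn !== undefined) {
    if (expiresInToMs(expiresIn) > maxTtlMs) throw new RangeError('expiresIn exceeds policy');
    url.searchParams.set('expiresIn', String(expiresIn));
  }
  return {
    url: url.toString(),
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify(credentials),
  };
}

// Validate a login response and return what later requests need.
// The Bearer header format is an assumption; this page only says "request headers".
function parseLoginResponse(res, now = Date.now()) {
  if (res.status !== 200 || res.error !== null) throw new Error('login failed');
  const { _id, jwt, expiresAt, ttl } = res.result || {};
  if (typeof jwt !== 'string' || jwt.length === 0) throw new Error('no token in response');
  if (!Number.isFinite(expiresAt) || expiresAt <= now) throw new Error('token already expired');
  return { kuid: _id, ttl, expiresAt, authHeaders: { Authorization: `Bearer ${jwt}` } };
}
```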