gitlab-org--gitlab-foss/doc/api/session.md

# Session API

>**Deprecation notice:**
Starting in GitLab 8.11, this feature has been **disabled** for users with
[two-factor authentication][2fa] turned on. These users can access the API
using [personal access tokens] instead.

You can login with both GitLab and LDAP credentials in order to obtain the
private token.

```
POST /session
```

| Attribute  | Type    | Required | Description |
| ---------- | ------- | -------- | -------- |
| `login`    | string  | yes      | The username of the user|
| `email`    | string  | yes if login is not provided | The email of the user |
| `password` | string  | yes     | The password of the user |

```bash
curl --request POST "https://gitlab.example.com/api/v4/session?login=john_smith&password=strongpassw0rd"
```

Example response:

```json
{
  "name": "John Smith",
  "username": "john_smith",
  "id": 32,
  "state": "active",
  "avatar_url": null,
  "created_at": "2015-01-29T21:07:19.440Z",
  "is_admin": true,
  "bio": null,
  "skype": "",
  "linkedin": "",
  "twitter": "",
  "website_url": "",
  "email": "john@example.com",
  "color_scheme_id": 1,
  "projects_limit": 10,
  "current_sign_in_at": "2015-07-07T07:10:58.392Z",
  "identities": [],
  "can_create_group": true,
  "can_create_project": true,
  "two_factor_enabled": false,
  "private_token": "9koXpg98eAheJpvBs5tK"
}
```

[2fa]: ../user/profile/account/two_factor_authentication.md
[personal access tokens]: ../user/profile/personal_access_tokens.md
Add "API" to all respective headings (h1s) 2017-05-18 08:49:03 +00:00			`# Session API`
Add titles to doc pages. 2014-05-27 12:12:15 +00:00
Add docs for personal access tokens 2017-06-13 12:10:31 +00:00			`>Deprecation notice:`
			`Starting in GitLab 8.11, this feature has been disabled for users with`
			`[two-factor authentication][2fa] turned on. These users can access the API`
			`using [personal access tokens] instead.`
Add notices about disabling auth features for users with 2FA. 2016-06-21 05:33:50 +00:00
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`You can login with both GitLab and LDAP credentials in order to obtain the`
			`private token.`
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00
			```
			`POST /session`
			```

Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`\| Attribute \| Type \| Required \| Description \|`
			`\| ---------- \| ------- \| -------- \| -------- \|`
			\| `login` \| string \| yes \| The username of the user\|
			\| `email` \| string \| yes if login is not provided \| The email of the user \|
			\| `password` \| string \| yes \| The password of the user \|
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			```bash
Use v4 endpoint in API docs 2017-03-01 17:39:40 +00:00			`curl --request POST "https://gitlab.example.com/api/v4/session?login=john_smith&password=strongpassw0rd"`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			```
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`Example response:`
Update docs 2013-07-16 08:50:00 +00:00
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00			```json
			`{`
			`"name": "John Smith",`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"username": "john_smith",`
			`"id": 32,`
			`"state": "active",`
			`"avatar_url": null,`
			`"created_at": "2015-01-29T21:07:19.440Z",`
			`"is_admin": true,`
API docs updated 2013-03-18 21:06:24 +00:00			`"bio": null,`
			`"skype": "",`
			`"linkedin": "",`
			`"twitter": "",`
Add website url to user 2014-01-18 19:07:00 +00:00			`"website_url": "",`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"email": "john@example.com",`
			`"color_scheme_id": 1,`
			`"projects_limit": 10,`
			`"current_sign_in_at": "2015-07-07T07:10:58.392Z",`
			`"identities": [],`
Api-Doc JSON lint Fixes: #5505 2014-04-05 06:36:47 +00:00			`"can_create_group": true,`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"can_create_project": true,`
			`"two_factor_enabled": false,`
			`"private_token": "9koXpg98eAheJpvBs5tK"`
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00			`}`
			```
Add notices about disabling auth features for users with 2FA. 2016-06-21 05:33:50 +00:00
Add docs for personal access tokens 2017-06-13 12:10:31 +00:00			`[2fa]: ../user/profile/account/two_factor_authentication.md`
			`[personal access tokens]: ../user/profile/personal_access_tokens.md`