gitlab-org--gitlab-foss/doc/api/session.md

# Session

## Deprecation Notice

1. Starting in GitLab 8.11, this feature has been *disabled* for users with two-factor authentication turned on.
2. These users can access the API using [personal access tokens] instead.

---

You can login with both GitLab and LDAP credentials in order to obtain the
private token.

```
POST /session
```

| Attribute  | Type    | Required | Description |
| ---------- | ------- | -------- | -------- |
| `login`    | string  | yes      | The username of the user|
| `email`    | string  | yes if login is not provided | The email of the user |
| `password` | string  | yes     | The password of the user |

```bash
curl --request POST "https://gitlab.example.com/api/v3/session?login=john_smith&password=strongpassw0rd"
```

Example response:

```json
{
  "name": "John Smith",
  "username": "john_smith",
  "id": 32,
  "state": "active",
  "avatar_url": null,
  "created_at": "2015-01-29T21:07:19.440Z",
  "is_admin": true,
  "bio": null,
  "skype": "",
  "linkedin": "",
  "twitter": "",
  "website_url": "",
  "email": "john@example.com",
  "theme_id": 1,
  "color_scheme_id": 1,
  "projects_limit": 10,
  "current_sign_in_at": "2015-07-07T07:10:58.392Z",
  "identities": [],
  "can_create_group": true,
  "can_create_project": true,
  "two_factor_enabled": false,
  "private_token": "9koXpg98eAheJpvBs5tK"
}
```

[personal access tokens]: ./README.md#personal-access-tokens
Add titles to doc pages. 2014-05-27 12:12:15 +00:00			`# Session`

Add notices about disabling auth features for users with 2FA. 2016-06-21 05:33:50 +00:00			`## Deprecation Notice`

Added documentation and CHANGELOG item 2016-08-15 22:14:22 +00:00			`1. Starting in GitLab 8.11, this feature has been disabled for users with two-factor authentication turned on.`
Add notices about disabling auth features for users with 2FA. 2016-06-21 05:33:50 +00:00			`2. These users can access the API using [personal access tokens] instead.`

			`---`

Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`You can login with both GitLab and LDAP credentials in order to obtain the`
			`private token.`
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00
			```
			`POST /session`
			```

Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`\| Attribute \| Type \| Required \| Description \|`
			`\| ---------- \| ------- \| -------- \| -------- \|`
			\| `login` \| string \| yes \| The username of the user\|
			\| `email` \| string \| yes if login is not provided \| The email of the user \|
			\| `password` \| string \| yes \| The password of the user \|
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			```bash
use long options for curl examples in API documentation (!5703) 2016-08-08 07:47:17 +00:00			`curl --request POST "https://gitlab.example.com/api/v3/session?login=john_smith&password=strongpassw0rd"`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			```
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`Example response:`
Update docs 2013-07-16 08:50:00 +00:00
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00			```json
			`{`
			`"name": "John Smith",`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"username": "john_smith",`
			`"id": 32,`
			`"state": "active",`
			`"avatar_url": null,`
			`"created_at": "2015-01-29T21:07:19.440Z",`
			`"is_admin": true,`
API docs updated 2013-03-18 21:06:24 +00:00			`"bio": null,`
			`"skype": "",`
			`"linkedin": "",`
			`"twitter": "",`
Add website url to user 2014-01-18 19:07:00 +00:00			`"website_url": "",`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"email": "john@example.com",`
add missing comma(s) in api examples 2013-08-30 19:04:26 +00:00			`"theme_id": 1,`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"color_scheme_id": 1,`
			`"projects_limit": 10,`
			`"current_sign_in_at": "2015-07-07T07:10:58.392Z",`
			`"identities": [],`
Api-Doc JSON lint Fixes: #5505 2014-04-05 06:36:47 +00:00			`"can_create_group": true,`
Refactor session API documentation [ci skip] 2016-01-18 08:43:46 +00:00			`"can_create_project": true,`
			`"two_factor_enabled": false,`
			`"private_token": "9koXpg98eAheJpvBs5tK"`
I want be able to get token via api. Used for mobile applications 2012-09-20 14:44:44 +00:00			`}`
			```
Add notices about disabling auth features for users with 2FA. 2016-06-21 05:33:50 +00:00
			`[personal access tokens]: ./README.md#personal-access-tokens`