Skip to main content
POST
/
api
/
v3
/
user
/
login
User login
curl --request POST \
  --url https://app.thareja.ai/api/v3/user/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "user@example.com",
  "password": "yourSecurePassword123"
}
'
{
  "error": "Incorrect email or password"
}

Overview

Authenticate a user with email and password. Returns user details, authentication token, and onboarding status flags. The token should be used for all subsequent API requests.

Request Body

email
string
required
User’s email address.Format: Valid email addressExample: "user@example.com"
password
string
required
User’s password.Example: "yourSecurePassword123"

Response

id
integer
User’s unique identifier.
name
string
User’s full name.
email
string
User’s email address.
profile_photo_url
string
URL to user’s profile picture.
current_team_id
integer
ID of the user’s current active team.
token
string
Authentication token for API requests. Use this in the Authorization: Bearer {token} header.
role
string
User’s role in the current team.Possible values: "owner", "manager", "member", "client"
isAdmin
string
Whether the user has admin privileges in the team.Possible values: "yes", "no"
contact_count
integer
Number of contacts the user has.
is_first_project_added
integer
Onboarding flag: Whether the first project has been added.Values: 0 (not added), 1 (added)
is_first_task_added
integer
Onboarding flag: Whether the first task has been added.Values: 0 (not added), 1 (added)
is_first_member_invited
integer
Onboarding flag: Whether the first team member has been invited.Values: 0 (not invited), 1 (invited)
timezone
string
User’s timezone setting.
two_factor_confirmed_at
string
Timestamp of two-factor authentication confirmation (if enabled).
created_at
string
Timestamp when the user account was created.
updated_at
string
Timestamp when the user account was last updated.

Example Request

curl --request POST \
  --url https://app.thareja.ai/api/v3/auth/login \
  --header 'Content-Type: application/json' \
  --data '{
    "email": "user@example.com",
    "password": "yourSecurePassword123"
  }'

Example Request (JavaScript)

fetch('https://app.thareja.ai/api/v3/user/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    email: "user@example.com",
    password: "yourSecurePassword123"
  })
})
.then(response => response.json())
.then(data => {
  // Store the token for future requests
  localStorage.setItem('authToken', data.token);
  console.log('Logged in successfully:', data);
})
.catch(error => console.error('Login failed:', error));

Example Response

{
  "id": 1,
  "name": "John Doe",
  "email": "john.doe@example.com",
  "profile_photo_url": "https://s3.amazonaws.com/bucket/profiles/user-1.jpg",
  "current_team_id": 5,
  "token": "1|Ab3dEfGh1Jk2Lm3No4Pq5Rs6Tt7Uv8Wx9Yz0",
  "role": "owner",
  "isAdmin": "yes",
  "contact_count": 15,
  "is_first_project_added": 1,
  "is_first_task_added": 1,
  "is_first_member_invited": 1,
  "timezone": "America/New_York",
  "two_factor_confirmed_at": null,
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2025-11-28T10:30:00Z"
}

Example Response - New Team Owner

{
  "id": 2,
  "name": "Jane Smith",
  "email": "jane.smith@example.com",
  "profile_photo_url": "https://ui-avatars.com/api/?name=Jane+Smith",
  "current_team_id": 10,
  "token": "2|Xy9Zw8Vu7Tt6Ss5Rr4Qq3Pp2Oo1Nn0Mm9",
  "role": "owner",
  "isAdmin": "yes",
  "contact_count": 0,
  "is_first_project_added": 0,
  "is_first_task_added": 0,
  "is_first_member_invited": 0,
  "timezone": "UTC",
  "two_factor_confirmed_at": null,
  "created_at": "2025-11-28T09:00:00Z",
  "updated_at": "2025-11-28T10:30:00Z"
}

Error Responses

{
  "error": "Incorrect email or password"
}

Authentication Token Usage

After successful login, use the returned token in all subsequent API requests: 
curl --request GET \
  --url https://app.thareja.ai/api/v3/user/profile \
  --header 'Authorization: Bearer 1|Ab3dEfGh1Jk2Lm3No4Pq5Rs6Tt7Uv8Wx9Yz0'

fetch('https://app.thareja.ai/api/v3/user/profile', {
  headers: {
    'Authorization': 'Bearer ' + token
  }
})
.then(response => response.json())
.then(data => console.log(data));

Onboarding Flags

The response includes three onboarding flags to help guide new users:

is_first_project_added

  • 0: No projects have been created yet (show project creation prompt)
  • 1: At least one project exists (skip project creation prompt)
  • Applies to: Owners and managers only

is_first_task_added

  • 0: No tasks have been created yet (show task creation prompt)
  • 1: At least one task exists (skip task creation prompt)
  • Applies to: Owners and managers only

is_first_member_invited

  • 0: Team only has the owner (show member invitation prompt)
  • 1: At least one additional member exists (skip invitation prompt)
  • Applies to: Owners only

User Roles

RoleDescriptionPermissions
ownerTeam ownerFull access to all features and settings
managerTeam managerCan manage projects, tasks, and team members
memberRegular memberCan work on assigned tasks and projects
clientExternal clientLimited access to assigned projects only

Role-Based Response Differences

Owner/Manager Response

Includes onboarding flags for projects and tasks: 
{
  "role": "owner",
  "is_first_project_added": 0,
  "is_first_task_added": 0,
  "is_first_member_invited": 0
}

Member/Client Response

Onboarding flags default to 1 (completed): 
{
  "role": "member",
  "is_first_project_added": 1,
  "is_first_task_added": 1,
  "is_first_member_invited": 1
}

Login Behavior

On Successful Login:

  1. Authentication: Validates email and password
  2. Login method reset: Clears any previous login method (OAuth, etc.)
  3. Token generation: Creates new authentication token
  4. Role detection: Retrieves user’s role in current team
  5. Admin status: Checks if user has admin privileges
  6. Contact count: Calculates number of user contacts
  7. Onboarding status: Determines which setup steps are complete
  8. Response: Returns complete user profile with token

Security Features:

  • Passwords are hashed and never returned
  • Tokens are unique per session
  • Failed login attempts can be rate-limited
  • Login method tracking for security audits
  • Team context: current_team_id determines which team’s data to display

Security Considerations

  • HTTPS only: Always use HTTPS for login requests
  • Token protection: Treat tokens like passwords - never expose in URLs or logs
  • Token expiration: Implement token expiration and refresh mechanisms
  • Failed attempts: Monitor and limit failed login attempts
  • Password requirements: Enforce strong password policies during registration
  • Two-factor auth: Enable 2FA for enhanced security
  • Session management: Properly handle token revocation on logout

Body

application/json
email
string<email>
required

User's email address

Example:

"user@example.com"

password
string<password>
required

User's password

Example:

"yourSecurePassword123"

Response

Login successful

id
integer
Example:

1

name
string
Example:

"John Doe"

email
string<email>
Example:

"john.doe@example.com"

profile_photo_url
string<uri>
Example:

"https://s3.amazonaws.com/bucket/profiles/user-1.jpg"

current_team_id
integer
Example:

5

token
string

Bearer token for API authentication

Example:

"1|Ab3dEfGh1Jk2Lm3No4Pq5Rs6Tt7Uv8Wx9Yz0"

role
enum<string>
Available options:
owner,
manager,
member,
client
Example:

"owner"

isAdmin
enum<string>
Available options:
yes,
no
Example:

"yes"

contact_count
integer
Example:

15

is_first_project_added
enum<integer>

0 = not added, 1 = added

Available options:
0,
1
Example:

1

is_first_task_added
enum<integer>

0 = not added, 1 = added

Available options:
0,
1
Example:

1

is_first_member_invited
enum<integer>

0 = not invited, 1 = invited

Available options:
0,
1
Example:

1

timezone
string
Example:

"America/New_York"

two_factor_confirmed_at
string<date-time> | null
created_at
string<date-time>
updated_at
string<date-time>