How to sign in to FCC via the API

There are multiple API endpoints that can be used for the login. The Login API described here is /login. There are different ones such as /auth/forceLogin, which forces a login by ending an older session if the user was already logged in.

To use the Swagger API, make sure to set xserver.swagger.enable=true in the

To create a request, create a POST call to /login, like https://my-address/login. The JSON body of the call should look like this:


Here we specify the user name, password, and domain. After that we can execute the request.

The response we get back will look like this:

  "token": "eyJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJGQ0MiLCJzdWIiOiJ0ZXN0ZXIiLCJkb21haW4iOiJ1YmltYXgiLCJpZCI6MTYyOTI4NDQ0ODg0OSwiaWF0IjoxNjI5Mjg0NDQ4LCJleHAiOjE2MjkyODQ3NDh9.9qhH0Jpf-xtzPa5Gu3CUt89dVag-8obzV-dNYsGojs_GNdfSfcM_iJ4rA01-Wg7Gr3LQfRkjtLhC95AHLmtc5A",
  "refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJpc3MiOiJGQ0MiLCJzdWIiOiJ0ZXN0ZXIiLCJkb21haW4iOiJ1YmltYXgiLCJpYXQiOjE2MjkyODQ0NDgsImV4cCI6MTYyOTg4OTI0OH0.-L38U0FsXHhOJCxWus4kXEezSm6tcZ3u2nKzhZX9C_0ZqyRrscG7sDNWsP8gUREeNRrXpvA1YAUqamQRQb8_QA",
  "permissions": [

For the following API calls, we can now use the token we received as Bearer Token as Authorization.

To get a general overview of the available API calls, visit https://my-address/admin.html#!/apis. 

Here, all API calls are listed with the data they require to be executed and can also be tried out. This would be the API description for /login:

Here we see that a usernamePasswordLoginModel is expected which is defined below as an example. If we fill out the field now and execute the request the result looks like this:

The result shows the URL we sent the request to and the curl command.