# Authentication & Authorization

## Authentication

To log in using the API, submit the API credentials supplied to you by Ibanera together with a one-time password (`otp`). The login endpoint authenticates a user by validating their credentials and TOTP code, and returns an access token for subsequent API requests.

[Refer to our guide on Generating a Time-Based One-Time Password (TOTP) with a Shared Secret.](/getting-started/authentication-and-authorization/generating-a-time-based-one-time-password-totp-with-a-shared-secret.md)

* **Endpoint:** `/api/v1/public/auth/login`
* **Method:** `POST`

{% openapi src="/files/FvdwoJS3Dil80FZGCCyt" path="/api/v1/public/auth/login" method="post" expanded="true" %}
[Customer API - Public.json](https://1042261367-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxYGT6bxbvntyOdsHjmeN%2Fuploads%2Fgit-blob-6face27c0a15b254555d05b77ca4cd8e06609f27%2FCustomer%20API%20-%20Public.json?alt=media)
{% endopenapi %}

**Request Body Parameters:**

* `username` (String, required): The username of the user attempting to log in.
* `password` (String, required): The password associated with the username.
* `otp` (String, required): A time-based one-time password (TOTP) generated from the user's shared secret.

**Request Example:**

```json
{
  "username": "exampleUser",
  "password": "examplePass",
  "otp": "123456"
}
```

**Response Body Parameters:**

* `id` (Integer): A numerical identifier of the response, often representing the authenticated user’s ID.
* `details` (Object):
  * `accessToken` (String): The bearer token provided upon successful authentication.
  * `expiresIn` (Integer): The number of seconds until the token expires.

**Success Response Example:**

```json
{
  "id": 0,
  "details": {
    "accessToken": "eyJhbGciOiJIUzI1Ni...",
    "expiresIn": 3600
  },
  "status": "1",
  "errors": []
}
```

***

## Authorization

API requests are authorized if the request headers contain both the `Authorization` and `otp` fields.

<table><thead><tr><th>Header Key</th><th width="272">Expected Value</th><th>Example</th></tr></thead><tbody><tr><td>Authorization</td><td>Bearer {{accessToken}}</td><td>Bearer eyJhbGciOiJIUzI1Ni...</td></tr><tr><td>otp</td><td><p>TOTP based on the user’s shared secret, using:</p><ul><li>SHA-1 hash</li><li>6 digit output</li><li>30 second interval</li></ul></td><td>679008</td></tr></tbody></table>
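
The following is an added example, not Ibanera's own code: it computes the `otp` value with the parameters in the table above (HMAC-SHA-1, 6 digits, 30-second step, per RFC 6238) and builds the login body and the per-request headers. It assumes the shared secret is supplied as Base32 text; the sample secret is the RFC 6238 test key, and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time

TOTP_DIGITS = 6   # "6 digit output" from the header table
TOTP_PERIOD = 30  # "30 second interval" from the header table


def totp(secret_b32, at=None):
    """RFC 6238 TOTP using HMAC-SHA-1; returns a zero-padded string."""
    # Assumption: the shared secret is Base32 text; restore any stripped padding.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(time.time() if at is None else at) // TOTP_PERIOD
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Keep the code as a string so leading zeros survive serialization.
    return str(code % 10 ** TOTP_DIGITS).zfill(TOTP_DIGITS)


def login_body(username, password, secret_b32, at=None):
    """JSON body for POST /api/v1/public/auth/login."""
    return {"username": username, "password": password, "otp": totp(secret_b32, at)}


def auth_headers(access_token, secret_b32, at=None):
    """Headers for an authorized request; the otp is recomputed on every call."""
    return {"Authorization": "Bearer " + access_token, "otp": totp(secret_b32, at)}


# Constructed sample: Base32 of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(login_body("exampleUser", "examplePass", SAMPLE_SECRET))
    print(auth_headers("<accessToken from login>", SAMPLE_SECRET))
```

Because the code changes every 30 seconds, build the headers immediately before each request instead of caching them alongside the access token, and keep the client clock synchronized.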

