> For clean Markdown of any page, append .md to the page URL. > For a complete documentation index, see https://apidocs.movieknight.site/llms.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://apidocs.movieknight.site/_mcp/server. # Login POST {{baseUrl}}/api/auth/login Content-Type: application/json **What:** Verify credentials by email OR username and return a JWT plus the safe user. **Auth:** None. **Body (JSON):** | Field | Type | Required | Description | Example | |---|---|---|---|---| | emailOrUsername | string | yes | Email (case-insensitive) or username (case-sensitive). | `moviefan@example.com` | | password | string | yes | Plaintext password to compare against the stored hash. | `secret123` | **Returns:** `data = { token, user }`. A bad identifier and a bad password both return the same `401` (no leak of which was wrong). Reference: https://apidocs.movieknight.site/movie-knight-api/auth/login ## OpenAPI Specification ```yaml openapi: 3.1.0 info: title: collection version: 1.0.0 paths: /api/auth/login: post: operationId: login summary: Login description: >- **What:** Verify credentials by email OR username and return a JWT plus the safe user. **Auth:** None. **Body (JSON):** | Field | Type | Required | Description | Example | |---|---|---|---|---| | emailOrUsername | string | yes | Email (case-insensitive) or username (case-sensitive). | `moviefan@example.com` | | password | string | yes | Plaintext password to compare against the stored hash. | `secret123` | **Returns:** `data = { token, user }`. A bad identifier and a bad password both return the same `401` (no leak of which was wrong). tags: - subpackage_auth parameters: - name: Authorization in: header description: Bearer authentication required: true schema: type: string responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/Auth_Login_Response_200' '400': description: Bad Request content: application/json: schema: $ref: '#/components/schemas/PostApiAuthLoginRequestBadRequestError' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/PostApiAuthLoginRequestUnauthorizedError' requestBody: content: application/json: schema: type: object properties: password: type: string emailOrUsername: type: string format: email required: - password - emailOrUsername servers: - url: '{{baseUrl}}' description: '{{baseUrl}}' components: schemas: ApiAuthLoginPostResponsesContentApplicationJsonSchemaDataUserAiUsage: type: object properties: used: type: integer limit: type: integer remaining: type: integer required: - used - limit - remaining title: ApiAuthLoginPostResponsesContentApplicationJsonSchemaDataUserAiUsage ApiAuthLoginPostResponsesContentApplicationJsonSchemaDataUser: type: object properties: id: type: string bio: type: string name: type: string email: type: string format: email badges: type: array items: description: Any type aiUsage: $ref: >- #/components/schemas/ApiAuthLoginPostResponsesContentApplicationJsonSchemaDataUserAiUsage username: type: string avatarUrl: description: Any type createdAt: type: string format: date-time countryCode: description: Any type dateOfBirth: type: string format: date-time required: - id - bio - name - email - badges - aiUsage - username - createdAt - dateOfBirth title: ApiAuthLoginPostResponsesContentApplicationJsonSchemaDataUser ApiAuthLoginPostResponsesContentApplicationJsonSchemaData: type: object properties: user: $ref: >- #/components/schemas/ApiAuthLoginPostResponsesContentApplicationJsonSchemaDataUser token: type: string required: - user - token title: ApiAuthLoginPostResponsesContentApplicationJsonSchemaData Auth_Login_Response_200: type: object properties: ok: type: boolean data: $ref: >- #/components/schemas/ApiAuthLoginPostResponsesContentApplicationJsonSchemaData required: - ok - data title: Auth_Login_Response_200 PostApiAuthLoginRequestBadRequestError: type: object properties: ok: type: boolean error: type: string required: - ok - error title: PostApiAuthLoginRequestBadRequestError PostApiAuthLoginRequestUnauthorizedError: type: object properties: ok: type: boolean error: type: string required: - ok - error title: PostApiAuthLoginRequestUnauthorizedError securitySchemes: bearerAuth: type: http scheme: bearer ``` ## Examples **Request** ```json { "password": "secret123", "emailOrUsername": "moviefan@example.com" } ``` **Response** ```json { "ok": true, "data": { "user": { "id": "66a1f2c4e5b3a1234567890a", "bio": "", "name": "Movie Fan", "email": "moviefan@example.com", "badges": [], "aiUsage": { "used": 0, "limit": 5, "remaining": 5 }, "username": "moviefan", "createdAt": "2026-06-25T10:30:00.000Z", "dateOfBirth": "1999-05-20T00:00:00.000Z" }, "token": "{{supabase_service_role_api_key_19n1}}" } } ``` **SDK Code** ```python Auth_Login_example import requests url = "https://{{baseurl}}/api/auth/login" payload = { "password": "secret123", "emailOrUsername": "moviefan@example.com" } headers = { "Authorization": "Bearer ", "Content-Type": "application/json" } response = requests.post(url, json=payload, headers=headers) print(response.json()) ``` ```javascript Auth_Login_example const url = 'https://{{baseurl}}/api/auth/login'; const options = { method: 'POST', headers: {Authorization: 'Bearer ', 'Content-Type': 'application/json'}, body: '{"password":"secret123","emailOrUsername":"moviefan@example.com"}' }; try { const response = await fetch(url, options); const data = await response.json(); console.log(data); } catch (error) { console.error(error); } ``` ```go Auth_Login_example package main import ( "fmt" "strings" "net/http" "io" ) func main() { url := "https://{{baseurl}}/api/auth/login" payload := strings.NewReader("{\n \"password\": \"secret123\",\n \"emailOrUsername\": \"moviefan@example.com\"\n}") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("Authorization", "Bearer ") req.Header.Add("Content-Type", "application/json") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := io.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) } ``` ```ruby Auth_Login_example require 'uri' require 'net/http' url = URI("https://{{baseurl}}/api/auth/login") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true request = Net::HTTP::Post.new(url) request["Authorization"] = 'Bearer ' request["Content-Type"] = 'application/json' request.body = "{\n \"password\": \"secret123\",\n \"emailOrUsername\": \"moviefan@example.com\"\n}" response = http.request(request) puts response.read_body ``` ```java Auth_Login_example import com.mashape.unirest.http.HttpResponse; import com.mashape.unirest.http.Unirest; HttpResponse response = Unirest.post("https://{{baseurl}}/api/auth/login") .header("Authorization", "Bearer ") .header("Content-Type", "application/json") .body("{\n \"password\": \"secret123\",\n \"emailOrUsername\": \"moviefan@example.com\"\n}") .asString(); ``` ```php Auth_Login_example request('POST', 'https://{{baseurl}}/api/auth/login', [ 'body' => '{ "password": "secret123", "emailOrUsername": "moviefan@example.com" }', 'headers' => [ 'Authorization' => 'Bearer ', 'Content-Type' => 'application/json', ], ]); echo $response->getBody(); ``` ```csharp Auth_Login_example using RestSharp; var client = new RestClient("https://{{baseurl}}/api/auth/login"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "Bearer "); request.AddHeader("Content-Type", "application/json"); request.AddParameter("application/json", "{\n \"password\": \"secret123\",\n \"emailOrUsername\": \"moviefan@example.com\"\n}", ParameterType.RequestBody); IRestResponse response = client.Execute(request); ``` ```swift Auth_Login_example import Foundation let headers = [ "Authorization": "Bearer ", "Content-Type": "application/json" ] let parameters = [ "password": "secret123", "emailOrUsername": "moviefan@example.com" ] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://{{baseurl}}/api/auth/login")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error as Any) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume() ```