Email Sign In

💡 Sign in with your email and password to receive JWT tokens.

💡 Before You Start — You need the following to proceed:

• Project created

• Email sign-up completed (you need an account to sign in)

• Email auth provider enabled (enabled by default)

💡 APIs Used in This Document

Endpoint	Method	Auth	Description
/v1/auth/email/signin	POST	Not required	Email sign-in
/v1/auth/refresh	POST	Not required	Token refresh

Overview

Signing in with a registered email and password issues an Access Token and Refresh Token. Accounts with MFA enabled must also submit a TOTP code.

---

Sign-in Flow

---

REST API

POST /v1/auth/email/signin

cURL

curl -X POST https://api-client.bkend.ai/v1/auth/email/signin \
  -H "Content-Type: application/json" \
  -H "X-API-Key: {pk_publishable_key}" \
  -d '{
    "method": "password",
    "email": "user@example.com",
    "password": "MyP@ssw0rd!"
  }'

JavaScript

Request Parameters

Parameter	Type	Required	Description
method	string	Yes	Fixed value "password"
email	string	Yes	Registered email address
password	string	Yes	Password
mfaCode	string	Conditional	6-digit TOTP code when MFA is enabled

When MFA Is Enabled

Accounts with MFA enabled must include mfaCode in the request.

curl -X POST https://api-client.bkend.ai/v1/auth/email/signin \
  -H "Content-Type: application/json" \
  -H "X-API-Key: {pk_publishable_key}" \
  -d '{
    "method": "password",
    "email": "user@example.com",
    "password": "MyP@ssw0rd!",
    "mfaCode": "123456"
  }'

Success Response

{
  "accessToken": "eyJhbGciOiJIUzI1NiIs...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIs...",
  "tokenType": "Bearer",
  "expiresIn": 3600
}

Error Responses

Error Code	HTTP	Description
auth/invalid-email	400	Invalid email format
auth/invalid-credentials	401	Email or password mismatch
auth/mfa-required	403	MFA code required
auth/invalid-mfa-code	401	Invalid MFA code
auth/account-banned	403	Account is suspended

---

Using in Your App

The bkendFetch helper automatically includes the required headers.

import { bkendFetch } from './bkend.js';

const result = await bkendFetch('/v1/auth/email/signin', {
  method: 'POST',
  body: {
    method: 'password',
    email: 'user@example.com',
    password: 'MyP@ssw0rd!',
  },
});

localStorage.setItem('accessToken', result.accessToken);
localStorage.setItem('refreshToken', result.refreshToken);

💡 See Integrating bkend in Your App for bkendFetch setup.

---

Token Refresh

When your Access Token expires, use the Refresh Token to obtain new tokens.

curl -X POST https://api-client.bkend.ai/v1/auth/refresh \
  -H "Content-Type: application/json" \
  -H "X-API-Key: {pk_publishable_key}" \
  -d '{
    "refreshToken": "{refresh_token}"
  }'

See Session Management for details.

---

Next Steps

• Magic Link -- Sign in without a password

• Password Management -- Password reset

• Multi-Factor Authentication (MFA) -- Set up two-step verification