Complete Login

POST/web/v1/system/auth/login/complete None

Completes the login flow by verifying the MFA code or credentials and issuing JWT tokens. Returns access and refresh tokens on success.

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	`en`, `zh`, `zh-Hant`, `ja`, `vi`	Response language (default: `en`)

Request Parameters

Name	Type	Required	In	Description
`rawRequestBody`	`String`	Required	body	Raw request body (encrypted via SecureChannel, auto-decrypted by the server)
`sessionId`	`String`	Required	body	Login session ID from the initiate step
`method`	`Integer`	Required	body	MFA method code: 10011001 (EMAIL), 10011002 (OTP), 10011005 (BACKUP_CODE)
`code`	`String`	Required	body	Verification code (6-10 chars)

Request Example

json

{
  "sessionId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "method": 10011001,
  "code": "123456"
}

Success Response

Success 200

{
  "version": "2.0.0",
  "timestamp": 1711929600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": {
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJBQ0NfVEVTVF8wMDEiLCJzaWQiOiJTRVNTXzAwMSIsImlhdCI6MTcxMTkyOTYwMH0.example",
    "refreshToken": "dGVzdC1yZWZyZXNoLXRva2VuLWV4YW1wbGU",
    "expiresIn": 3600,
    "accountStatus": null
  }
}

Error Responses

MFA Code Invalid 400

{
  "success": false,
  "code": "AUTH.MFA_CODE_INVALID",
  "message": "The verification code is incorrect"
}

Notes

If the account is pending approval, the response will include isPendingApproval: true with result code ACCOUNT_PENDING_APPROVAL.
Rate limited to 5 requests per window.
Request body is strictly validated — unknown or unexpected fields will be rejected with HTTP 400.

Complete Login ​

Required Headers ​

Request Parameters ​

Request Example ​

Success Response ​

Error Responses ​