Initiate Login

POST/web/v1/system/auth/login/initiate None

Initiates the login flow by validating the user's email and returning the available authentication methods. This is the first step in the multi-step login process.

Required Headers

Header	Example Value	Description
Content-Type	application/json	Request content type
Accept	application/json	Expected response type
X-Client-Hash		Client device fingerprint
Accept-Language	`en`, `zh`, `zh-Hant`, `ja`, `vi`	Response language (default: `en`)

Request Parameters

Name	Type	Required	In	Description
`rawRequestBody`	`String`	Required	body	Raw request body (encrypted via SecureChannel, auto-decrypted by the server)
`email`	`String`	Required	body	User email address (max 255 chars)
`password`	`String`	Required	body	User password (8-128 chars, encrypted in transit via @Encrypted)

Request Example

json

{
  "email": "user@example.com",
  "password": "your_password"
}

Success Response

Success 200

{
  "version": "2.0.0",
  "timestamp": 1711929600000,
  "success": true,
  "code": "2000",
  "message": "SUCCESS",
  "data": {
    "sessionId": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "mfaMethods": [
      {
        "code": "EMAIL",
        "value": 10011001,
        "label": "Email"
      },
      {
        "code": "OTP",
        "value": 10011002,
        "label": "OTP"
      }
    ],
    "expiresIn": 300,
    "accountStatus": null
  }
}

Error Responses

Invalid Credentials 400

{
  "success": false,
  "code": "AUTH.INVALID_CREDENTIALS",
  "message": "Invalid email or password"
}

Notes

The request body is strictly validated; unknown properties will cause a rejection.
If the account is pending approval, the response will include isPendingApproval: true with result code ACCOUNT_PENDING_APPROVAL.
Rate limited to 10 requests per window.

Initiate Login ​

Required Headers ​

Request Parameters ​

Request Example ​

Success Response ​

Error Responses ​