POST Initiate Login endpoint.
Endpoint
POST
/web/v1/system/auth/login/initiate WEBAuthentication
- Chain: WEB
- JWT Token: false
- API Key: false
- Permissions: []
- Secure Channel: REQUIRED
Rate Limit
10 requests per window.
Headers
Frontend Headers
| Header | Required | Description |
|---|---|---|
| X-LOCALE | Yes | 用户的 locale |
| Accept-Language | No | 语言偏好 |
Cloudflare Headers
| Header | Required | Description |
|---|---|---|
| CF-Connecting-IP | Yes | Client IP from Cloudflare |
| CF-IPCountry | Yes | Client country code |
| CF-Ray | Yes | Cloudflare Ray ID |
| CF-Visitor | Yes | Visitor scheme |
| CF-Worker | No | Cloudflare Worker indicator |
| CF-TCP-Port | No | Client TCP port |
| CF-Edge-Keep-Alive | No | Edge keep-alive status |
| CF-Cache-Status | No | Cache status |
| CDN-Loop | No | CDN loop detection |
| X-Real-IP | Yes | Real client IP |
Nginx Headers
| Header | Required | Description |
|---|---|---|
| X-PORTAL-ACCESS-CODE | Yes | Portal access code |
| X-Real-IP | Yes | 客户端真实 IP |
| X-Forwarded-For | Yes | 代理链 |
| X-Forwarded-Proto | Yes | 协议 |
Request Parameters
Body (JSON)
| Field | Type | Required | Description |
|---|---|---|---|
| String | Yes | 用户邮箱 | |
| password | String | Yes | 用户密码(传输中加密) |
Response
200 OK
| Field | Type | Description |
|---|---|---|
| data.sessionId | String | 登录会话 ID(用于后续步骤) |
| data.mfaMethods | List<UserMfaMethod> | 可用的 MFA 方式码列表 |
| data.expiresIn | Long | 会话过期时间(秒) |
| data.accountStatus | UserAccountStatus | 账户状态详情(仅在不可继续 challenge 时) |