> ## Documentation Index > Fetch the complete documentation index at: https://gcore.com/docs/llms.txt > Use this file to discover all available pages before exploring further. # Login > Log in to get access to your account and services. If you have more than one account, you will be logged in the first account. To select an account make an [additional request](GET /auth/jwt/clients/{clientId}/login) after successful log in. [Sign up](https://auth.gcore.com/login/signup) This method is available only for users who log in by email. Use [API Tokens](GET /clients/{clientId}/tokens) to get access to your services if use social networks (Google, GitHub) to log in. **Permission** In addition to authentication, the API checks if the role of the user is authorized to perform the requested action. **Token Expiration** The access token will expire in an hour, the refresh token — in 24 hours. ## OpenAPI ````yaml /api-reference/services_documented/iam_api.yaml post /iam/auth/jwt/login openapi: 3.1.0 info: title: Gcore OpenAPI – IAM API description: >- This OpenAPI is an aggregated OpenAPI specification that unifies all Gcore products into a single file. It covers Cloud, CDN, DNS, WAAP, DDoS Protection, Object Storage, Streaming, and FastEdge services. version: '2026-05-11T15:10:30.328297+00:00' servers: - url: https://api.gcore.com security: - APIKey: [] tags: - name: Account description: >- Account management operations including authentication, password management, and account details. x-displayName: Account - name: API Tokens description: >- Use permanent API tokens for regular automated requests to services. You can either set its validity period when creating it or issue a token for an unlimited time. Please address the API documentation of the specific product in order to check if it supports API tokens. Newer endpoints under `/v2/…` issue tokens using `_` (underscore) as the separator (for example `42_a1b2c3d4e5f6...`) and are the recommended way to create new tokens. Legacy endpoints that issue `$`-separated tokens are marked deprecated and will be removed on **2026-07-17**; tokens that were already issued keep authenticating. Provide your APIKey in the Authorization header. Example: ```curl -H "Authorization: APIKey 42_a1b2c3d4e5f6..." https://api.gcore.com/iam/users/me``` Please note: When authorizing via SAML SSO, our system does not have any information about permissions given to the user by the identity provider. Even if the provider revokes the user's access rights, their tokens remain active. Therefore, if necessary, the token will need to be deleted manually. x-displayName: API Tokens - name: Users x-displayName: Users paths: /iam/auth/jwt/login: post: tags: - Account summary: Login description: >- Log in to get access to your account and services. If you have more than one account, you will be logged in the first account. To select an account make an [additional request](GET /auth/jwt/clients/{clientId}/login) after successful log in. [Sign up](https://auth.gcore.com/login/signup) This method is available only for users who log in by email. Use [API Tokens](GET /clients/{clientId}/tokens) to get access to your services if use social networks (Google, GitHub) to log in. **Permission** In addition to authentication, the API checks if the role of the user is authorized to perform the requested action. **Token Expiration** The access token will expire in an hour, the refresh token — in 24 hours. operationId: iamLoginUser requestBody: content: application/json: schema: $ref: '#/components/schemas/LoginRequest' responses: '200': $ref: '#/components/responses/LoginSuccess' '400': description: Login failed. content: application/json: schema: $ref: '#/components/schemas/LoginError' security: [] components: schemas: LoginRequest: type: object required: - password - username properties: username: type: string description: User's email address. password: type: string description: User's password. one_time_password: type: string description: User's authenticator passcode in case of enabled 2fa. example: username: you@yourcompany.com password: yourpassword one_time_password: authenticator passcode LoginError: oneOf: - allOf: - $ref: '#/components/schemas/ValidationError' - example: errors: password: - This field is required - $ref: '#/components/schemas/JSONParseError' - $ref: '#/components/schemas/LoginFailureNoActiveAccountFound' Token: type: object required: - refresh - access properties: refresh: $ref: '#/components/schemas/RefreshToken' access: $ref: '#/components/schemas/AccessToken' ValidationError: title: Validation error type: object properties: errors: type: object description: This object contains error descriptions per field from your request. additionalProperties: type: array description: Error list for specific field. items: type: string description: Error description JSONParseError: title: Invalid request JSON schema type: object properties: message: type: string description: >- This message describes error if json schema from your request is invalid. example: > JSON parse error - Expecting ',' delimiter: line 3 column 33 (char 77) LoginFailureNoActiveAccountFound: title: No active account found type: object properties: errors: type: object properties: errors: type: array items: type: string enum: - No active account found with the given credentials. description: >- Username or password is incorrect. Check you username and password and try again. RefreshToken: type: string description: |- Use this token to refresh the access token via [`/auth/jwt/refresh`](POST /auth/jwt/refresh) method. example: >- eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTYwMTcwNzA5MiwianRpIjoiMGFmOGU3NTMzYWEyNDM0YmI4M2NmMjA1ZWM2NTMwZjQiLCJ1c2VyX2lkIjo1LCJ1c2VyX3R5cGUiOiJjb21tb24iLCJ1c2VyX2dyb3VwcyI6WyJBZG1pbmlzdHJhdG9ycyJdLCJjbGllbnRfaWQiOjIsImVtYWlsIjoidGVzdHVzZXJAZXhhbXBsZS5jb20iLCJ1c2VybmFtZSI6InRlc3R1c2VyQGV4YW1wbGUuY29tIiwic3NvX2VudGl0eSI6bnVsbCwiaXNfYWRtaW4iOmZhbHNlLCJjbGllbnRfbmFtZSI6IlRlc3QgQ29tcGFueSIsImV4Y2hhbmdlYWJsZSI6dHJ1ZX0.C-RuHDWLpu1bd0_SoZgbkqSqA65egSBigKikeEKXkdK-PRVx4ZUIMdkJd-L4ebeydDHgeq3AwXbDBSqPuXZMTKTFKe1HTvpLycTNkTKa-dp9nTq0VwfUlf3G7QajEJA1UiQ7IhSDZJK5NBkEzs_-PFtPOQjeE2u2AbKKJ_SK3hNi1BVU3uVjfWsMVwGDkVnPIa0aLtYDTYd2QKN5InBGh06XITFD_P_IETfwhw7yG4PvLWGejGQO9jJx1ViFYCQi-O8vLR9-mjwaD8Ngc5O8v3mnzRkkxeWoukSW1p8eWiGf7QaLg-zSI6pNFO3_LO-ILHcJ394GJzW2rSpaAgvxwRHDIulDxJtAbqyxykLgnDSHUZbKq8mgQqkeshbmQ-BUT_nkYj1LcQisNTGp4QsDRdi095QQIXLntJiGC59BxpZQ5y3j67AZHG9qiVuHQSlHBaQKBAFdA_d7CRqV7TzsT4p3cHVXF_VccBM06pItkYYY5Xj0bQPU6qWf26bONnYh1FHOlaejw2mGc_FsPpi0soGUh-1v_Qs6C4N086VJ5uYSHw_M3MNcGBjAahnUdrKNX_8gmbTDwYNw7h1ELPYfBAFeQJrdTOOQPfUHzkt9g67DHdxRDHMQxz933Wxmfl_5fiHWoWE82n5ZA110BZB9JQoP7Tqtg4qIZoE1M6Knh14 AccessToken: type: string description: Use this token to access API. example: >- eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjAxNjI0MjkyLCJqdGkiOiI0Mjk1ZjZhMjI4ZTE0MmE3YjA1ZmIxYjE5MjlhZjZlYyIsInVzZXJfaWQiOjUsInVzZXJfdHlwZSI6ImNvbW1vbiIsInVzZXJfZ3JvdXBzIjpbIkFkbWluaXN0cmF0b3JzIl0sImNsaWVudF9pZCI6MiwiZW1haWwiOiJ0ZXN0dXNlckBleGFtcGxlLmNvbSIsInVzZXJuYW1lIjoidGVzdHVzZXJAZXhhbXBsZS5jb20iLCJzc29fZW50aXR5IjpudWxsLCJpc19hZG1pbiI6ZmFsc2UsImNsaWVudF9uYW1lIjoiVGVzdCBDb21wYW55IiwiZXhjaGFuZ2VhYmxlIjp0cnVlLCJyanRpIjoiMGFmOGU3NTMzYWEyNDM0YmI4M2NmMjA1ZWM2NTMwZjQifQ.aJjVE3_mC8fimclIPggD0ynh0EIwO8kCEffhFN4CxbaDBGz4R2Xn2mJQqhsRB2YoDCx_oH3uLii6aM_6OQtc2DbIElfN1KHoQmzzEjxKKXlgTOF_gsq9dVwQ9hajeOsQu5ly1rMk41WW1LrQ6Nkb_v6LC8g57Ah4h2pGot44h87BDsG6uUyMFVV3ZTJjkVNWJxceljFeDPO5rhx-ujtkX5iYwAeVh6HAq3I4Sw7OO5LZHF9pnhNBJVRNu8HlBNyk5UVB7uyStc9vjAnjGJyqc4yWL3QVTz7BMtvXX19W6sypl_YQiYzz5dsOiL4dzsI5RERBVt9DtOytSqDNigF_WTVUn0VsmXEK1oDGb8I2AWuAmiKYxizKY2JEOHoUz7B1L87fiPg5fNlv3QDrFJhuy1M6A-72jL1-N4tCGhUCQubvZEv90JshAhc6A5W88ghtjS_W80xt63gpvK81vE9b3coutIBnh-yvzEwTvudm3YKTnRrNBxRT01tdiJVEKoJ1poST0BxzxtGAvW_JgASTcOqQcFR6-Rr5smDSOki_mKVqODbRgcAj7CeNOvrwDZqC2XlQkTLvlo6msNvyVQH8vugRzPsbZK7F3pCvOEB5ub2WY6a1ui7lm-mAVyAs1VbzCHEnLu5GiXmyNE-mlNXQlAS1xz5P751rANnwODJJFz0 responses: LoginSuccess: description: OK. content: application/json: schema: $ref: '#/components/schemas/Token' securitySchemes: APIKey: description: >- API key for authentication. Make sure to include the word `apikey`, followed by a single space and then your token. Example: `apikey 1234$abcdef` type: apiKey in: header name: Authorization ````