POST
/User/Login
When to Use
- Authenticate user credentials to access the 7G API system
- Obtain access tokens for subsequent API calls
- Initialize secure sessions for automated trading systems
- Set up authentication for batch processing workflows
Prerequisites
- Valid user account with 7G API access permissions
- Username and password credentials
Considerations
⚠️ Authentication & Security Controls
- Rate Limiting: 3 failed login attempts within 10 minutes trigger account lockout - wait 10 minutes before retrying
- IP Address Restrictions: Login attempts from non-whitelisted IP addresses are blocked for security
- Account Status: Disabled user accounts cannot authenticate regardless of correct credentials
- Token Expiration: Access tokens expire based on system configuration - use refresh tokens to extend sessions
Description
Authenticates user credentials and returns access tokens required for accessing all other 7G API endpoints (except Common/Lookup and Common/HealthCheck). The response includes both an access token for immediate use and a refresh token for obtaining new access tokens when they expire.
Authentication Flow
- Submit username and password credentials
- System validates credentials against user database
- Returns access token (for API calls) and refresh token (for token renewal)
- Use access token in Authorization header for subsequent API requests
- Refresh access token using refresh token before expiration
Required Headers
No Authorization Header Required - This endpoint is publicly accessible without authentication.
| Header | Value | Description |
|---|---|---|
| Content-Type | application/json | Request content type |
| Version | 2.0 | API version identifier |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
username |
string(255) | Your 7G API username. | |
password |
string(255) | Your 7G API password. |
username
Your 7G API username.
password
Your 7G API password.
Security Best Practices
- Always use HTTPS to encrypt credentials during transmission
- Store credentials securely using environment variables or secure vaults
- Implement proper error handling to avoid credential exposure in logs
- Monitor failed authentication attempts for security threats
- Use refresh tokens to minimize access token lifetime exposure
Example Requests
json
{
"username": "api_user",
"password": "secure_password_123"
}Response Examples
json
{
"accessToken": "eyJxxCJ9.eyJxxxpYyJ9.8Csxx3S-jMxxnv-4Nxxfw",
"refreshToken": "cZkxxx4Y="
}