Virola Web API - Login

POST /api/v1/login

Purpose

Authenticates a user using their credentials (username and password). On successful login, a session is created, and a session ID is stored in a secure, HTTP-only cookie.

Authentication

• Not required before calling this endpoint
• Session cookie is issued on success

Request

• Method: POST
• URL: /api/v1/login
• Content-Type: application/json
• Body: Must include both fields:

{
    "userName": "string",
    "password": "string"
}

Response

Success (200 OK)

JSON response example:

{
    "httpStatusCode": 200,
    "userId": 3,
    "userSessionId": "3ca2ba3aaaefff86a57e213026565c4ab7335"
}

Explanation:

• userId: The unique ID of the authenticated user
• userSessionId: The identifier for the newly created session
• A secure, HTTP-only cookie containing the session ID is also set in the response

Error (401 Unauthorized)

JSON response example:

{
    "errorText": "The username or password is invalid.",
    "httpStatusCode": 401
}

Explanation:

• Returned when the credentials are incorrect or missing

Usage Notes

• On successful login, store no session data on the client—rely on the secure cookie.
• This endpoint is typically called from a login form.
• Subsequent authenticated requests should automatically include the session via the browser cookie.

Related Endpoints

• GET /api/v1/status - Check current login state
• POST /api/v1/logout - Log out and invalidate session

All available Web API calls

• Authentication with token – suitable for individual requests
• Authentication with a username and password – suitable for maintaining a session to send multiple requests
• Logout
• Getting user status
• Getting rooms
• Getting and sending messages
• Getting users
• Checking server health