Login endpoint
| Method | GET |
|---|
| Route | /api/Authenication/login?username={username}&password={password} |
|---|
| Auth | Anonymous access allowed |
|---|
| Input | username and password as query parameters |
|---|
| Response | Logged-in user object including id, userType, token, and expiry |
|---|
{
"firstName": "string",
"lastName": "string",
"id": "string",
"email": "string",
"username": "string",
"userType": "Partner",
"token": "eyJhbGciOiJIUzI1NiIs...",
"expiresUTC": "2026-03-30T00:00:00Z",
"requiresTwoFactor": false
}
Refresh token endpoint
| Method | POST |
|---|
| Route | /api/Authenication/refresh-token |
|---|
| Auth | Bearer token required |
|---|
| Input | No body |
|---|
| Response | String token value |
|---|
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Portal behavior
The webhook admin only allows partner accounts. If userType is not Partner, login is rejected.
The portal uses the returned id as the partner ID automatically.
The current API still sends credentials in the query string, which works but is not ideal for public integrations.
