Log in and get access tokens

Authenticate a contact with email and password and receive access and refresh tokens.

Mutation

mutation Login($input: LoginInput!) {
  login(input: $input) {
    accessToken
    refreshToken
  }
}

Variables

{
  "input": {
    "email": "jan@acme.nl",
    "password": "••••••••"
  }
}

Response

{
  "data": {
    "login": {
      "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
      "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
    }
  }
}

How it works

Send the user's credentials to receive a JWT access token and a refresh token. Include the access token in the Authorization: Bearer <token> header for subsequent requests. When the access token expires, use the refresh token to obtain a new pair without requiring the user to log in again. The LoginInput also accepts an optional provider field for external authentication providers. Store tokens securely — never expose them in URLs or local storage accessible to third-party scripts.

See also

• Get the logged-in user
• Register a new customer or contact