> ## Documentation Index
> Fetch the complete documentation index at: https://docs.neuro-tech.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Login

> Exchange credentials for a short-lived JWT

## Overview

Authenticates a user and returns a JWT. This method is intended for
programmatic clients and is an alternative to browser-based login flows.

## HTTP request

`POST /Agent/Account/Login`

## Authentication

Sign the request using HMAC-SHA256 with the account password as the key.

Signature message:

```
userName:host:nonce
```

## Request body

```json theme={null}
{
  "userName": "alice",
  "nonce": "random-unique-string-at-least-32-chars",
  "signature": "base64-hmac",
  "seconds": 3600
}
```

| Field       | Type   | Required | Description                                      |
| ----------- | ------ | -------- | ------------------------------------------------ |
| `userName`  | string | yes      | Username to authenticate.                        |
| `nonce`     | string | yes      | Unique random string (minimum 32 chars).         |
| `signature` | string | yes      | HMAC signature of the request.                   |
| `seconds`   | number | yes      | JWT lifetime in seconds (`0 < seconds <= 3600`). |

## Response

```json theme={null}
{
  "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires": "2024-08-02T11:22:11Z"
}
```

| Field     | Type   | Description               |
| --------- | ------ | ------------------------- |
| `jwt`     | string | JWT bearer token.         |
| `expires` | string | JWT expiration timestamp. |

## Security tips

* Store passwords securely and avoid logging them.
* Never reuse a nonce.

## Next steps

* Refresh tokens: [Refresh](/manual-api-reference/accounts/refresh)
* End sessions: [Logout](/manual-api-reference/accounts/logout)
