Login Admin
Authenticate an admin user and receive an access token.
Endpoint
Authentication
Not required (public endpoint)
Request Body
Parameters
| Field | Type | Required | Description | Validation |
|---|---|---|---|---|
email |
string | Yes | Admin's email address | Valid email format |
password |
string | Yes | Admin's password | Not empty |
Response
Success (200 OK)
{
"access_token": "encrypted_token_string",
"user": {
"id": 1,
"first_name": "Admin",
"last_name": "User",
"email": "admin@example.com",
"phone": "+994501234567",
"profile_photo": "",
"preferred_language": "AZERBAIJANI",
"role": "2",
"created": "2025-01-15T10:30:00Z"
}
}
Error Responses
Invalid Credentials (401)
Account Not Active (403)
When an admin account exists but is not active (OTP not verified), the system automatically generates and sends a new OTP to the admin's email.
Note: The OTP is automatically sent to the admin's email. The admin must verify the OTP using the Check OTP User endpoint before they can login.
Rate Limited (429)
If an OTP was requested within the last minute, the system will rate limit the request:
Note: Wait at least 1 minute between OTP requests.
Example Request
curl -X POST "https://api.luxmart.site/v1/accounts/login/admin/" \
-H "Content-Type: application/json" \
-d '{
"email": "admin@example.com",
"password": "SecurePass123!"
}'
Notes
- Only users with role "2" (Admin) can login via this endpoint
- User must be active (
is_active: true) to login - If account is not active, a new OTP is automatically generated and sent via email
- OTP requests are rate-limited to once per minute per account
- Token expires after 30 days of inactivity
- Use the
access_tokenin the Authorization header for protected endpoints