Login Store
Authenticate a store and receive an access token.
Endpoint
Authentication
Not required (public endpoint)
Request Body
Parameters
| Field | Type | Required | Description | Validation |
|---|---|---|---|---|
email |
string | Yes | Store's email address | Valid email format |
password |
string | Yes | Store's password | Not empty |
Response
Success (200 OK)
{
"access_token": "encrypted_token_string",
"store": {
"id": 1,
"email": "store@example.com",
"name": "My Store",
"description": "Store description",
"logo_url": "",
"business_address": "123 Main St",
"preferred_language": "AZERBAIJANI",
"contact_phone": "+994501234567",
"percent": 10.5,
"created": "2025-01-15T10:30:00Z"
}
}
Error Responses
Invalid Credentials (401)
Account Not Active (403)
When a store account exists but is not active (OTP not verified), the system automatically generates and sends a new OTP to the store's email.
Note: The OTP is automatically sent to the store's email. The store must verify the OTP using the Check OTP Store endpoint before they can login.
Rate Limited (429)
If an OTP was requested within the last minute, the system will rate limit the request:
Note: Wait at least 1 minute between OTP requests.
Example Request
curl -X POST "https://api.luxmart.site/v1/accounts/login/store/" \
-H "Content-Type: application/json" \
-d '{
"email": "store@example.com",
"password": "SecurePass123!"
}'
Notes
- Only stores with role "3" (Store) can login via this endpoint
- Store must be active (
is_active: true) to login - If account is not active, a new OTP is automatically generated and sent via email
- OTP requests are rate-limited to once per minute per account
- Token expires after 30 days of inactivity
- Use the
access_tokenin the Authorization header for protected endpoints