# Login

Sign in a user with email and user key, returning a JWT token which is valid for 10 minutes.
If you omit the organization, it defaults to the last one you signed in to.

Endpoint: POST /api/v2.0/login
Version: 2.0
Security: bearer-key

## Request fields (application/json):

  - `email` (string, required)
    Example: "jon.smith@mail.com"

  - `orgToken` (string)
    org UUID (by running Entities - Organization > Get User Organizations) or API Key (from the Mend SCA App: Integrate tab > API Key).
    Example: "123e4567-e89b-12d3-a456-426655440000"

  - `userKey` (string, required)
    Equivalent to a personal access token. Avoid pasting as plain text where it might be compromised. For a service user (recommended), you can find the user key in the Mend SCA App in Admin > Users. [Learn more](https://docs.mend.io/bundle/mend_maintenance/page/managing_service_users.html). For local testing purposes, you could also use one of your own personal user keys from your user profile page in the Mend SCA App.
    Example: "***********"

## Response 200 fields (application/json):

  - `supportToken` (string)
    Example: "1171c60d"

  - `retVal` (object)

  - `retVal.correlationId` (string)

  - `retVal.userUuid` (string)

  - `retVal.userName` (string)

  - `retVal.email` (string)

  - `retVal.refreshToken` (string)

  - `retVal.jwtToken` (string)

  - `retVal.orgName` (string)
    Example: "Organization A"

  - `retVal.orgUuid` (string)
    Example: "123e4567-e89b-12d3-a456-426655440000"

## Response 400 fields (*/*):

  - `supportToken` (string)
    Example: "1171c60d"