Links

Login

Log in a user.
Rocket.Chat supports various methods of authentication. The list of supported auth services (and their configurations) are in the meteor_accounts_loginServiceConfiguration collection.

Using username and password

To ensure the security of the user's account, it is important not to submit the user's password as plain text. Instead, apply a hashing algorithm (for example - sha-256).
The digest must be lowercase.

Payload Parameters

Argument
Example
Required
Description
user
{ "username": "him" }
Required
The user object containing either the username or email.
password
Required
The password object containing the hashed password and the hash algorithm

Example Payload

{
"digest": "52c53f4abbfe42e1ccd4fd9d864453ee57f8efbd4c9ecec6d88bd83d7f7a9c02",
"algorithm":"sha-256"
}

Example Call

{
"msg": "method",
"method": "login",
"id":"42",
"params":[
{
"user": { "username": "him" },
"password": {
"digest": "52c53f4abbfe42e1ccd4fd9d864453ee57f8efbd4c9ecec6d88bd83d7f7a9c02",
"algorithm":"sha-256"
}
}
]
}

Example Response

Success

{
"msg": "result",
"id": "42",
"result": {
"id": "3Dw26TXWxvi8gwfgM",
"token": "72kB2z5SpnWG-vOSKaAXku74PV851pVOVAoC67FpFEI",
"tokenExpires": {
"$date": 1696417505309
},
"type": "password"
}
}

Error

{
"msg": "result",
"id": "42",
"error": {
"error": 403,
"reason": "Incorrect password",
"message": "Incorrect password [403]",
"errorType": "Meteor.Error"
}
}

Using an authentication token

You can use a previous user authentication token or a Personal Access Token to log in a user.

Payload Parameters

Argument
Example
Required
Description
resume
5BwhTeEXiTmU_8uKxGuy4pqWRHRP73QpJYmoSWfBpc
Required
A personal access token or previous authToken of the user.

Example Call

{
"msg": "method",
"method": "login",
"id": "42",
"params":[
{ "resume": "auth-token" }
]
}

Example Response

This success response format remains the same irrespective of the login method used.
{
"msg": "result",
"id": "42",
"result": {
"id": "LFdhbcNHx5zsMA7T4",
"token": "5BwhTeEXiTmU_8uKxGuy4pqWRHRP73QpJYmoSWfBpcB",
"tokenExpires": {
"$date": 1696418806422
},
"type": "resume"
}
}
If the auth-token is expired, send another login request to get a new authToken with a new expiration date.

Using Authentication providers

OAuth is used to support additional auth providers.

Example Call

{
"msg": "method",
"method": "login",
"id":"42",
"params": [
{
"oauth": {
"credentialToken":"credential-token",
"credentialSecret":"credential-secret"
}
}
]
}
Last modified 3mo ago
Deprecation for cloud services and apps is now extended to November 20, 2023. Rocket.Chat versions receive support for six months after release.