# Login

> Authenticate with the Copyleaks API using your email and API key

<RequestExample>

```bash title="cURL" icon="terminal"
export COPYLEAKS_EMAIL="your@email.address"
export COPYLEAKS_API_KEY="your-api-key-here"

curl --request POST \
  --url https://id.copyleaks.com/v3/account/login/api \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data "{
    \"email\": \"${COPYLEAKS_EMAIL}\",
    \"key\": \"${COPYLEAKS_API_KEY}\"
  }"
```

```python title="Python" icon="python"
from copyleaks.copyleaks import Copyleaks

EMAIL_ADDRESS = "your@email.address"
API_KEY = "your-api-key-here"

auth_token = Copyleaks.login(EMAIL_ADDRESS, API_KEY)
print("Logged successfully!\nToken:", auth_token)
```

```javascript title="JavaScript" icon="square-js"
const { Copyleaks } = require("plagiarism-checker");

const EMAIL_ADDRESS = "your@email.address";
const API_KEY = "your-api-key-here";
const copyleaks = new Copyleaks();

copyleaks.loginAsync(EMAIL_ADDRESS, API_KEY).then(
  (loginResult) => console.log("Access Token:", loginResult.access_token),
  (err) => { throw err; }
);
```

```java title="Java" icon="java"
import com.copyleaks.sdk.api.Copyleaks;

String EMAIL_ADDRESS = "your@email.address";
String API_KEY = "00000000-0000-0000-0000-000000000000";

String authToken = Copyleaks.login(EMAIL_ADDRESS, API_KEY);
System.out.println("Logged successfully!\nToken: " + authToken);
```

</RequestExample>

<ResponseExample>

```json 200 OK
{
  "access_token": "ACLNSKNSDAACCAJANCOIUiausoo_saidjaskldjoa...",
  ".issued": "2018-11-24T16:15:38.2431255+02:00",
  ".expires": "2018-11-26T16:15:38.2431255+02:00"
}
```

</ResponseExample>

Login to the Copyleaks API using your email and API key.

Once logged in, you will get back a login token that will be used to authenticate yourself when calling the other API methods.

After generating the login-token, you should attach the token for your next calls. Attaching the endpoint is done by adding this header to your calls: 

```http
Authorization: Bearer TOKEN
```

A generated token is valid for **48 hours**. Within this period of time, you can use it multiple times. Before attaching the `Authorization` header for your next endpoint calls, make sure that the token has not expired. If it expired, generate a new one.

<Warning title="Handle tokens carefully">
The Copyleaks API token should be treated as a password. Attackers, who can gain access to this token, can access your private information and modify it.
</Warning>

<Warning title="API Rate Limit">
**12 requests per account/15 minutes**

If you exceed the API limit, authentication will be blocked for 5 minutes (Rate Limit Exceeded HTTP 429 - Too Many Requests).
</Warning>

## Request

### Headers

```http
Content-Type: application/json
Accept: application/json
```

### Body

<ParamField body="email" type="string" required>
  Your Copyleaks account email address
</ParamField>
<ParamField body="key" type="string" required>
  Your Copyleaks account API key (UUID format)
</ParamField>

## Responses

<Tabs>
  <Tab title="200">
    <Check>**200 OK** - The command was executed successfully.</Check>

    ```json
    {
      "access_token": "ACLNSKNSDAACCAJANCOIUiausoo_saidjaskldjoa...",
      ".issued": "2018-11-24T16:15:38.2431255+02:00",
      ".expires": "2018-11-26T16:15:38.2431255+02:00"
    }
    ```
  </Tab>
  <Tab title="400">
    <Warning>**400 Bad Request** - Invalid request format or missing required fields</Warning>
  </Tab>
  <Tab title="401">
    <Warning>**401 Unauthorized** - Invalid email or API key</Warning>
  </Tab>
  <Tab title="429">
    <Warning>**429 Too Many Requests** - Rate limit exceeded (blocked for 5 minutes)</Warning>
  </Tab>
</Tabs>
