Authenticate

POST https://test.stytch.com/v1/b2b/passwords/authenticate

Authenticate a member with their email address and password. This endpoint verifies that the member has a password currently set, and that the entered password is correct.

If you have breach detection during authentication enabled in your password strength policy and the member's credentials have appeared in the HaveIBeenPwned dataset, this endpoint will return a member_reset_password error even if the member enters a correct password. We force a password reset in this case to ensure that the member is the legitimate owner of the email address and not a malicious actor abusing the compromised credentials.

If the Member is required to complete MFA to log in to the Organization, the returned value of member_authenticated will be false, and an intermediate_session_token will be returned. The intermediate_session_token can be passed into the OTP SMS Authenticate endpoint to complete the MFA step and acquire a full member session. The session_duration_minutes and session_custom_claims parameters will be ignored.

If a valid session_token or session_jwt is passed in, the Member will not be required to complete an MFA step.


Body parameters


organization_id* string

email_address* string

password* string

session_token string

session_jwt string

intermediate_session_token string

session_duration_minutes int

session_custom_claims map<string, any>

locale string

Response fields


request_id string

status_code int

member_id string

organization_id string

member object

intermediate_session_token string

member_authenticated boolean

mfa_required object

organization object

session_token string

session_jwt string

member_session object

curl --request POST \
  --url https://test.stytch.com/v1/b2b/passwords/authenticate \
  -u 'PROJECT_ID:SECRET' \
  -H 'Content-Type: application/json' \
  -d '{
    "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
    "email_address": "sandbox@stytch.com",
    "password": "BCqN6^1LaDb(YnB)"
  }'

RESPONSE

200
{
    "status_code": 200,
    "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
    "member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
    "organization_id": "organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931",
    "session_jwt": "example_jwt",
    "session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
    "intermediate_session_token": "",
    "member_authenticated": true,
    "mfa_required": null,
    "member_session": {...},
    "member": {...},
    "organization": {...}
}
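The three outcomes described above (full session, MFA still outstanding, forced reset after breach detection) can be separated on the caller's side as follows. This is an added example, not Stytch's own code. It assumes the error body names the error in an error_type field; AuthOutcome, classify_authenticate_response and all sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AuthOutcome:
    action: str                  # "session" | "mfa" | "reset_password" | "deny"
    token: Optional[str] = None  # session_token or intermediate_session_token


def classify_authenticate_response(status_code: int, body: dict) -> AuthOutcome:
    """Map a passwords/authenticate response to the next step, failing closed."""
    if status_code != 200:
        # Assumption: the error name is carried in "error_type".
        if body.get("error_type") == "member_reset_password":
            # Breach detection fired: even a correct password is rejected,
            # so send the member to the password reset flow.
            return AuthOutcome("reset_password")
        return AuthOutcome("deny")
    authenticated = body.get("member_authenticated")
    if authenticated is True and body.get("session_token"):
        return AuthOutcome("session", body["session_token"])
    if authenticated is False and body.get("intermediate_session_token"):
        # MFA is still outstanding. This token is only an input to the MFA
        # step and must never be stored or accepted as a member session.
        return AuthOutcome("mfa", body["intermediate_session_token"])
    # Unexpected shape (for example authenticated but no token): grant nothing.
    return AuthOutcome("deny")


# Constructed sample bodies; the 400 status code below is also constructed.
FULL_SESSION = {
    "status_code": 200,
    "member_authenticated": True,
    "session_token": "constructed-session-token",
    "intermediate_session_token": "",
    "mfa_required": None,
}
MFA_PENDING = {
    "status_code": 200,
    "member_authenticated": False,
    "session_token": "",
    "intermediate_session_token": "constructed-intermediate-token",
}
BREACHED = {"status_code": 400, "error_type": "member_reset_password"}

if __name__ == "__main__":
    for sample in (FULL_SESSION, MFA_PENDING, BREACHED):
        print(classify_authenticate_response(sample["status_code"], sample))
```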