# Authentication API (Login API) Tellius provides backend APIs that allow advanced custom development, full UI control, and tight integration into your applications. Before calling any secured Tellius API (such as Insights APIs or Search APIs), you must first authenticate and obtain a temporary access token. ### **Endpoint** ```perl POST https:///api/auth/login ``` ```bash curl 'https://qa1.dev.tellius.com/api/auth/login' \ -H 'sec-ch-ua-platform: "macOS"' \ -H 'Referer: https://qa1.dev.tellius.com/login' \ -H 'sec-ch-ua: "Google Chrome";v="135", "Not-A.Brand";v="8", "Chromium";v="135"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'csrf: 2rp6y9fqnek' \ -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36' \ -H 'Accept: application/json, text/plain, */*' \ -H 'Content-Type: application/json' \ --data-raw '{"username":"","password":""}' ``` {% hint style="info" %} Replace `` and `` with your Tellius login credentials. Make sure the `csrf` header is passed (usually found in the page source when you are logged into Tellius). {% endhint %} ### **Request example** ``` { "username": "your_username", "password": "your_password" } ``` ### **Response example** ``` { "id": "ba8bbdae-561c-4fff-aba4-33d12941243c", "message": "Login successful", "token": "" } ``` ### **Session-based vs Token-based Authentication** When calling the Login API, you can optionally include a `"session": true` parameter in the request body. Tellius server creates a session and manages authentication via cookies. This is recommended for browser-based apps where automatic cookie handling is preferred. No need to manually send `Authorization` header after login. If omitted, by default, Tellius returns a JWT access token. Recommended for mobile apps, API integrations, where you must manually send the JWT in the `Authorization: Bearer ` header for each API call.