Login User¶

The Login User endpoint is used to authenticate an existing user in the Petstore system.

This operation validates the provided username and password and returns a successful response when the credentials are correct.

Endpoint¶

GET /user/login

Base URL¶

https://petstore.swagger.io/v2/user/login

Query Parameters¶

Parameter	Type	Required	Description
username	string	Yes	Username used for authentication
password	string	Yes	Password associated with the user account

Request Headers¶

Header	Required	Description
accept	No	Specifies the expected response format

Supported Response Formats¶

The endpoint supports the following response formats:

Content Type	Usage
application/json	JSON response payload
application/xml	XML response payload

Sample Request¶

cURLPythonJavaScript

curl -X GET "https://petstore.swagger.io/v2/user/login?username=samdev&password=Password@123" \
-H "accept: application/json"

import requests

url = "https://petstore.swagger.io/v2/user/login"

params = {
    "username": "samdev",
    "password": "Password@123"
}

response = requests.get(url, params=params)

print(response.text)

const params = new URLSearchParams({
  username: "samdev",
  password: "Password@123"
});

fetch(`https://petstore.swagger.io/v2/user/login?${params}`, {
  method: "GET",
  headers: {
    "accept": "application/json"
  }
})
.then(response => response.text())
.then(data => console.log(data));

Successful Response¶

JSONXML

{
  "code": 200,
  "type": "unknown",
  "message": "logged in user session:1234567890"
}

<ApiResponse>
  <code>200</code>
  <type>unknown</type>
  <message>logged in user session:1234567890</message>
</ApiResponse>

Response Codes¶

Status Code	Description
200	User authenticated successfully
400	Invalid username or password
404	User account not found

Error Response Example¶

{
  "code": 400,
  "type": "error",
  "message": "Invalid username/password supplied"
}

Notes¶

Both username and password query parameters are required.
Credentials should be transmitted only over secure HTTPS connections.
Avoid exposing passwords in logs, browser history, or public URLs in production environments.
Session handling behavior may vary depending on the server implementation.