Login

POST /api/v2/user/login

Creates a short-lived (1 hour) access token for use with the API. BitGo doesn't recommend using this endpoint for scripting. Instead, use the SDK or the web UI to create long-lived access tokens. However, short-lived access tokens are the only access tokens with the "user_manage" scope that enables you to programmatically add users to your enterprise using the Add User to Enterprise endpoint.

Request Body

email string <email> required
The email address of the user.
Example: user@email.com
extensible boolean
"true" if the session is extensible beyond a one-hour duration
Example: false
otp string required
Second factor authentication token.
Example: 123456
password string required
Example: secret

200 Response

access_token string
Example: 9b72c68ef394f5146f0f3efc1feafb7a971752cb00e79fafcfd8c1d2db83639c
derivationPath string
encryptedECDHXprv string
encryptedToken string
expires_at number required
Unix timestamp
Example: 1534201288
expires_in number required
noECDHKeychain boolean
scope array[string] required
Example: ["crypto_compare","user_manage","openid","profile","wallet_create","wallet_manage_all","wallet_approve_all","wallet_spend_all","wallet_edit_all","wallet_view_all"]
token_type string required
grant_type string required
Represents the login method that was used
Allowed values: password passkey refresh_token authorization_code
user object required
Fields that will always be populated in accordance with the defined codec. If you find other fields that will provably always be populated on a given user (even for legacy users created long ago), that field can be moved to UserRequiredFields.
agreements object required
The agreements the user has accepted
allowedCoins array[string] required
The coins the user is allowed to use
bitgoEmployee boolean required
Whether the user is a BitGo employee
currency object required
The user's preferred currency
disableReset2FA boolean required
Whether the user has disabled 2FA reset
organizations array[object] required
The organizations the user is a member of
featureFlags array[string] required
Any feature flags the user has enabled
forceResetPassword boolean required
Whether the user has forced a password reset
identity object required
The user's identity information
otpDevices array[object] required
The user's devices that can be used for OTP authentication
phone object required
The user's phone number
timezone string required
The user's timezone
apps
country string
The country of the user
Example: USA
ecdhKeychain string or null
The user's ECDH keychain
isActive boolean
Whether the user is active
isFrozen boolean
Whether the user is frozen
freezeReason string
The reason the user is frozen if they are frozen
Example: Frozen due to suspicious activity
lastLogin string <date-time>
The last login time of the user
locale string
The user's locale
pgpKey string
The user's PGP key
rateLimits
referrer object
The referrer of the user
signupDomain string
The signup domain of the user
state string
The state of the user
Example: New York
sourceVerificationRequired boolean
Whether source verification is required for the user
sourceVerificationRequiredForReadOnlyAccess boolean
Whether source verification is required for read-only access
recoveryCodeSet object
The recovery code set for the user
createTime string
id string required
The unique identifier for the user
Example: 59cd72485007a239fb00282ed480da1f
Match pattern: ^[0-9a-f]{32}$
username string <email> required
The username of the user
Example: user@email.com
name object required
The name of the user
enterprises array[object] required
The enterprise(s) the user is a member of
email object required
The email address of the user
warning string
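
A client-side check of the 200 response before the token is used, as an added example that is not BitGo's code. It relies only on the field names, allowed grant_type values and id pattern listed above; the function names, the 60-second expiry margin and the choice of fields masked for logging are assumptions.

```python
import re
import time

# Field names, allowed values and the id pattern come from the 200 Response list above.
REQUIRED = ("expires_at", "expires_in", "scope", "token_type", "grant_type", "user")
GRANT_TYPES = {"password", "passkey", "refresh_token", "authorization_code"}
USER_ID_RE = re.compile(r"^[0-9a-f]{32}$")
# Assumption: these fields are treated as secrets and kept out of logs.
SECRET_FIELDS = ("access_token", "encryptedToken", "encryptedECDHXprv")


def check_login_response(body, needed_scopes=(), now=None, min_remaining=60):
    """Return a list of problems in a parsed 200 response; an empty list means usable."""
    now = time.time() if now is None else now
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in body]
    if "grant_type" in body and body["grant_type"] not in GRANT_TYPES:
        problems.append(f"unexpected grant_type: {body['grant_type']!r}")
    # expires_at is documented as a Unix timestamp; refuse tokens at or near expiry.
    expires_at = body.get("expires_at")
    if isinstance(expires_at, (int, float)) and expires_at - now < min_remaining:
        problems.append("token expired or about to expire")
    # Confirm the scopes the caller depends on (e.g. user_manage) were actually granted.
    granted = body.get("scope")
    granted = set(granted) if isinstance(granted, list) else set()
    problems += [f"scope not granted: {s}" for s in needed_scopes if s not in granted]
    user = body.get("user")
    user_id = user.get("id") if isinstance(user, dict) else None
    if not (isinstance(user_id, str) and USER_ID_RE.fullmatch(user_id)):
        problems.append("user.id missing or malformed")
    return problems


def redact(body):
    """Copy of the response that is safe to log: secret fields are masked."""
    return {k: ("[redacted]" if k in SECRET_FIELDS else v) for k, v in body.items()}


# Constructed sample built from the example values on this page
# (expires_in and token_type values are made up for the example).
SAMPLE = {
    "access_token": "9b72c68ef394f5146f0f3efc1feafb7a971752cb00e79fafcfd8c1d2db83639c",
    "expires_at": 1534201288,
    "expires_in": 3600,
    "scope": ["user_manage", "wallet_view_all"],
    "token_type": "bearer",
    "grant_type": "password",
    "user": {"id": "59cd72485007a239fb00282ed480da1f"},
}
```

Calling `check_login_response(SAMPLE, needed_scopes=["user_manage"], now=SAMPLE["expires_at"] - 3600)` returns an empty list; log `redact(SAMPLE)` rather than the raw body.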

400 Response

name string
Error code
context object required
Properties that apply to a specific error name
error string required
Human-readable error message
requestId string required
Client request id

401 Response

name string
Error code
context object required
Properties that apply to a specific error name
error string required
Human-readable error message
requestId string required
Client request id