# LoginV2

# Package: headless
# Namespace: AuthenticationService
# Method link: https://dev.wix.com/docs/api-reference/business-management/headless/authentication/login-v-2.md

## Introduction

Logs in an existing member.

Typically, after a successful login, you generate and use member tokens for the logged-in member so that subsequent API calls are called as part of a member session. Use the `sessionToken` in the response to [get the site member's access and refresh tokens](https://dev.wix.com/docs/go-headless/coding/rest-api/visitors-and-members/handle-members-with-custom-login.md#get-the-site-members-access-and-refresh-tokens).

---

## REST API

### Schema
```
Method: loginV2
Description: Logs in an existing member. Typically, after a successful login, you generate and use member tokens for the logged-in member so that subsequent API calls are called as part of a member session. Use the `sessionToken` in the response to [get the site member's access and refresh tokens](https://dev.wix.com/docs/go-headless/coding/rest-api/visitors-and-members/handle-members-with-custom-login.md#get-the-site-members-access-and-refresh-tokens).
URL: https://www.wixapis.com/v2/login
Method: POST

Method parameters:
param name: captchaTokens | type: array | description: CAPTCHA tokens, when CAPTCHA setting is on.
  - ONE-OF:
    - name: Recaptcha | type: string | description:
    - name: InvisibleRecaptcha | type: string | description:
    - name: NoCaptcha | type: string | description:
    - name: recaptchaForClientSiteKey | type: RecaptchaForClientSiteKey | description: Use this when the client has registered their own reCAPTCHA site key (e.g., branded apps, headless apps).
      - name: token | type: string | description: The reCAPTCHA token obtained from the client-side reCAPTCHA widget.
      - name: siteKeyId | type: string | description: The site key GUID registered in ReCAPTCHA service SDL for this client's reCAPTCHA configuration.
param name: clientMetaData | type: clientMetaData | description: Additional data that's relevant for the flow.
param name: loginId | type: LoginId | required: true
  - name: email | type: string | description: Login email address.
param name: password | type: password | description: Password of the identity logging in.

Return type: StateMachineResponse
  - name: state | type: StateType | description: Current state of the login or registration process.
    - enum:
      - UNKNOWN_STATE: Initial unknown state.
      - SUCCESS: Login completed successfully.
      - REQUIRE_OWNER_APPROVAL: Member needs the owner to approve their registration.
      - REQUIRE_EMAIL_VERIFICATION: Member needs to verify their email.
      - STATUS_CHECK: The `status` is not one that prevents the member logging in, meaning it's not `OFFLINE`, `BLOCKED`, or `DELETED`.
  - name: sessionToken | type: string | description: Session token. If `state` is not `SUCCESS`, this field is undefined.
  - name: stateToken | type: string | description: Token that represents the current state of the login or registration process.
  - name: identity | type: Identity | description: Identity of the current member.
    - name: id | type: string | description: Identity GUID.
    - name: revision | type: string | description: Revision number, which increments by 1 each time the identity is updated. To prevent conflicting changes, the current revision must be passed when updating the identity. Ignored when creating an identity.
    - name: createdDate | type: string | description: Date and time the identity was created.
    - name: updatedDate | type: string | description: Date and time the identity was updated.
    - name: connections | type: array | description: The identity configured connections to authenticate with.
      - ONE-OF:
        - name: idpConnection | type: IdpConnection | description: IDP connection.
          - name: idpConnectionId | type: string | description: IDP connection GUID.
          - name: idpUserId | type: string | description: IDP user GUID.
        - name: authenticatorConnection | type: AuthenticatorConnection | description: Authenticator connection.
          - name: authenticatorConnectionId | type: string | description: Authenticator connection GUID.
          - name: reEnrollmentRequired | type: boolean | description: Whether re-enrollment is required.
    - name: identityProfile | type: IdentityProfile | description: Identity profile.
      - name: firstName | type: string | description: Member's first name.
      - name: lastName | type: string | description: Member's last name.
      - name: nickname | type: string | description: Member's display nickname.
      - name: picture | type: string | description: URL to member's profile picture.
      - name: labels | type: array | description: Labels associated with the member.
      - name: language | type: string | description: Member's preferred language code.
      - name: privacyStatus | type: PrivacyStatus | description: Member's profile visibility setting.
        - enum:
          - UNDEFINED: No privacy status defined.
          - PUBLIC: Profile details are visible to other members.
          - PRIVATE: Profile details are hidden from other members.
      - name: customFields | type: array | description: Any number of custom fields. [Custom fields](https://support.wix.com/en/article/adding-custom-fields-to-contacts) are used to store additional information about your site or app's contacts.
        - name: name | type: string | description: Custom field name matching an extended field key (without `custom.` prefix). Must match a key from [`List Extended Fields`](https://dev.wix.com/docs/rest/api-reference/contacts/extended-fields/list-extended-fields.md).
        - name: value | type: CustomValue | description: Value for the custom field.
          - ONE-OF:
            - name: strValue | type: string | description: Text value.
            - name: numValue | type: number | description: Numeric value.
            - name: dateValue | type: string | description: Date/time value.
            - name: listValue | type: ListValue | description: List of values.
              - name: value | type: array | description: List of custom values.
            - name: mapValue | type: MapValue | description: Key-value pairs.
              - name: value | type: Map | description: Map of custom field values.
            - name: boolValue | type: boolean | description: Bool value
      - name: secondaryEmails | type: array | description: Additional email addresses for the member.
        - name: email | type: string | description: Secondary email address.
        - name: tag | type: EmailTag | description: Email tag.
          - enum: UNTAGGED, MAIN, HOME, WORK
      - name: phonesV2 | type: array | description: Phone numbers associated with the member.
        - name: countryCode | type: string | description: Country code for the phone number.
        - name: phone | type: string | description: Phone number without country code.
        - name: tag | type: PhoneTag | description: Phone tag.
          - enum: UNTAGGED, MAIN, HOME, MOBILE, WORK, FAX
      - name: addresses | type: array | description: Physical addresses for the member.
        - name: address | type: Address | description: Physical address details.
          - name: country | type: string | description: Country code.
          - name: subdivision | type: string | description: Subdivision. Usually a state, region, prefecture, or province code, according to [ISO 3166-2](https://en.wikipedia.org/wiki/ISO_3166-2).
          - name: city | type: string | description: City name.
          - name: postalCode | type: string | description: Zip/postal code.
          - name: addressLine | type: string | description: Main address line, usually street and number as free text.
          - name: addressLine2 | type: string | description: Free text providing more detailed address info. Usually contains apartment, suite, and floor.
          - name: streetName | type: string | description: Street name.
          - name: streetNumber | type: string | description: Street number.
        - name: tag | type: AddressTag | description: Address tag.
          - enum: UNTAGGED, HOME, WORK, BILLING, SHIPPING
      - name: company | type: string | description: Company name.
      - name: position | type: string | description: Position within company.
      - name: birthdate | type: string | description: Member's birth date in `YYYY-MM-DD` format.
      - name: slug | type: string | description: URL-friendly slug for the member's profile.
      - name: subscription | type: boolean | description: Whether the member consents to receive marketing communications.
      - name: vatId | type: string | description: Tax GUID or VAT number for personal or corporate use.
    - name: metadata | type: Metadata | description: Additional information about the identity that can impact user access. This data cannot be set.
      EMPTY-OBJECT {}
    - name: email | type: Email | description: Identity email address.
      - name: address | type: string | description: Email address.
      - name: isVerified | type: boolean | description: Whether the email address is verified.
    - name: status | type: StatusV2 | description: Identity's current status.
      - name: name | type: StatusName | description: Descriptive name of the identity status.
        - enum:
          - UNKNOWN_STATUS: Unknown status. This value isn't used.
          - PENDING: Identity is pending verification, owner approval, or both.
          - ACTIVE: Identity is active and can log in.
          - DELETED: Identity is deleted. This identity can't log in.
          - BLOCKED: Identity is blocked. This identity can't log in.
          - OFFLINE: Identity is offline. This identity can't log in.
      - name: reasons | type: array | description: Reasons for the current identity status.
        - enum:
          - UNKNOWN_REASON: Unknown reason. This value isn't used.
          - PENDING_ADMIN_APPROVAL_REQUIRED: The identity is waiting for admin approval. After the approval, the identity has an `ACTIVE` status.
          - PENDING_EMAIL_VERIFICATION_REQUIRED: The identity has to verify the email. After the verification, the identity has an `ACTIVE` status.
    - name: factors | type: array | description: Identity verification factors.
      - name: factorId | type: string | description: Factor GUID.
      - name: type | type: FactorType | description: Factor type.
        - enum:
          - PASSWORD: Requires a password.
          - SMS: Requires a code sent via SMS.
          - CALL: Requires a code sent by phone call.
          - EMAIL: Requires a code sent by email.
          - TOTP: Requires authentication via an authenticator app.
          - PUSH: Requires authentication via a push notification.
          - WEBAUTHN: Requires authentication via WebAuthn/passkey.
          - RECOVERY_CODE: Requires a recovery code.
      - name: status | type: Status | description: Factor status.
        - enum:
          - INACTIVE: Factor requires activation.
          - ACTIVE: Factor is active and can be used for authentication.
          - REQUIRE_REENROLL: Factor is blocked and cannot be used for authentication. The user should reenroll the factor.
  - name: additionalData | type: Map | description: Additional data relevant to the login or registration process.
    - ONE-OF:
      - name: strValue | type: string | description: String value.
      - name: numValue | type: number | description: Number value.
      - name: dateValue | type: string | description: Date value.
      - name: listValue | type: ListValue | description: List value.
        - name: value | type: array | description: Custom value.
      - name: mapValue | type: MapValue | description: Map value.
        - name: value | type: Map | description: Mapped custom value.

Possible Errors:
HTTP Code: 400 | Status Code: INVALID_ARGUMENT | Application Code: INVALID_AUTHENTICATOR_ID | Description: Authenticator GUID is missing or invalid.
HTTP Code: 400 | Status Code: INVALID_ARGUMENT | Application Code: PROVIDE_TENANT_ID | Description: Can't resolve tenant. For users, provide a valid Wix domain in the request. For members, provide a MSGUID in the request.
HTTP Code: 401 | Status Code: UNAUTHENTICATED | Application Code: WIX_EMPLOYEE_PASSWORD_LOGIN_NOT_ALLOWED | Description: Wix employees must use Google SSO to login and cannot use password authentication.
HTTP Code: 401 | Status Code: UNAUTHENTICATED | Application Code: REENROLLMENT_REQUIRED_BY_ADMIN | Description: Admin requires re-enrollment for this identity.
HTTP Code: 403 | Status Code: PERMISSION_DENIED | Application Code: CAPTCHA_TOKEN_REQUIRED | Description: The reCAPTCHA token is required.
HTTP Code: 403 | Status Code: PERMISSION_DENIED | Application Code: INVALID_CAPTCHA_TOKEN | Description: The reCAPTCHA token is invalid or expired.
HTTP Code: 429 | Status Code: RESOURCE_EXHAUSTED | Application Code: THROTTLED_FEATURE | Description: Too many requests. Try again later.
HTTP Code: 500 | Status Code: INTERNAL | Application Code: TRUSTED_CLIENTS_ONLY | Description: This method is available only to trusted clients.
```

### Examples

### Login with email and password, without using reCAPTCHA.

```curl
curl -L -X POST \
  'https://www.wixapis.com/_api/iam/authentication/v2/login' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: <AUTH>' \
  -d '{
    "login_id": {
      "email": "test@test.com"
    },
    "password": "my-password"
  }'
```

### Login with email and password, using visible reCAPTCHA.

```curl
curl -X POST \
  'https://www.wixapis.com/_api/iam/authentication/v2/login' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: <AUTH>' \
  -d '{
    "login_id": {
      "email": "test@test.com"
    },
    "password": "my-password",
    "captcha_tokens": [{
      "Recaptcha": "03AAYGu2Q0STS4gydphoHhvovlwgE-bpDbB1..."
    }]
  }'
```

### Login with email and password, using invisible reCAPTCHA.

```curl
curl -X POST \
  'https://www.wixapis.com/_api/iam/authentication/v2/login' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: <AUTH>' \
  -d '{
    "login_id": {
      "email": "test@test.com"
    },
    "password": "my-password",
    "captcha_tokens": [{
      "InvisibleRecaptcha": "03AAYGu2Q5KvtfjhU8XQL2LBVmd4rystj0FSSAouegJjBO6P0HI..."
    }]
  }'
```

---

## JavaScript SDK

### Schema
```
Method: wixClientAdmin.headless.AuthenticationService.loginV2(loginId, options)
Description: Logs in an existing member. Typically, after a successful login, you generate and use member tokens for the logged-in member so that subsequent API calls are called as part of a member session. Use the `sessionToken` in the response to [get the site member's access and refresh tokens](https://dev.wix.com/docs/go-headless/coding/rest-api/visitors-and-members/handle-members-with-custom-login.md#get-the-site-members-access-and-refresh-tokens).

Method parameters:
param name: loginId | type: LoginId | required: true
  - name: email | type: string | description: Login email address.
param name: options | type: LoginV2Options none
  - name: password | type: string | description: Password of the identity logging in.
  - name: captchaTokens | type: array | description: CAPTCHA tokens, when CAPTCHA setting is on.
    - ONE-OF:
      - name: Recaptcha | type: string | description:
      - name: InvisibleRecaptcha | type: string | description:
      - name: NoCaptcha | type: string | description:
      - name: recaptchaForClientSiteKey | type: RecaptchaForClientSiteKey | description: Use this when the client has registered their own reCAPTCHA site key (e.g., branded apps, headless apps).
        - name: token | type: string | description: The reCAPTCHA token obtained from the client-side reCAPTCHA widget.
        - name: siteKeyId | type: string | description: The site key GUID registered in ReCAPTCHA service SDL for this client's reCAPTCHA configuration.
  - name: clientMetaData | type: object | description: Additional data that's relevant for the flow.
Return type: PROMISE
  - name: state | type: StateType | description: Current state of the login or registration process.
    - enum:
      - UNKNOWN_STATE: Initial unknown state.
      - SUCCESS: Login completed successfully.
      - REQUIRE_OWNER_APPROVAL: Member needs the owner to approve their registration.
      - REQUIRE_EMAIL_VERIFICATION: Member needs to verify their email.
      - STATUS_CHECK: The `status` is not one that prevents the member logging in, meaning it's not `OFFLINE`, `BLOCKED`, or `DELETED`.
  - name: sessionToken | type: string | description: Session token. If `state` is not `SUCCESS`, this field is undefined.
  - name: stateToken | type: string | description: Token that represents the current state of the login or registration process.
  - name: identity | type: Identity | description: Identity of the current member.
    - name: _id | type: string | description: Identity GUID.
    - name: revision | type: string | description: Revision number, which increments by 1 each time the identity is updated. To prevent conflicting changes, the current revision must be passed when updating the identity. Ignored when creating an identity.
    - name: _createdDate | type: Date | description: Date and time the identity was created.
    - name: _updatedDate | type: Date | description: Date and time the identity was updated.
    - name: connections | type: array | description: The identity configured connections to authenticate with.
      - ONE-OF:
        - name: idpConnection | type: IdpConnection | description: IDP connection.
          - name: idpConnectionId | type: string | description: IDP connection GUID.
          - name: idpUserId | type: string | description: IDP user GUID.
        - name: authenticatorConnection | type: AuthenticatorConnection | description: Authenticator connection.
          - name: authenticatorConnectionId | type: string | description: Authenticator connection GUID.
          - name: reEnrollmentRequired | type: boolean | description: Whether re-enrollment is required.
    - name: identityProfile | type: IdentityProfile | description: Identity profile.
      - name: firstName | type: string | description: Member's first name.
      - name: lastName | type: string | description: Member's last name.
      - name: nickname | type: string | description: Member's display nickname.
      - name: picture | type: string | description: URL to member's profile picture.
      - name: labels | type: array | description: Labels associated with the member.
      - name: language | type: string | description: Member's preferred language code.
      - name: privacyStatus | type: PrivacyStatus | description: Member's profile visibility setting.
        - enum:
          - UNDEFINED: No privacy status defined.
          - PUBLIC: Profile details are visible to other members.
          - PRIVATE: Profile details are hidden from other members.
      - name: customFields | type: array | description: Any number of custom fields. [Custom fields](https://support.wix.com/en/article/adding-custom-fields-to-contacts) are used to store additional information about your site or app's contacts.
        - name: name | type: string | description: Custom field name matching an extended field key (without `custom.` prefix). Must match a key from [`List Extended Fields`](https://dev.wix.com/docs/rest/api-reference/contacts/extended-fields/list-extended-fields.md).
        - name: value | type: CustomValue | description: Value for the custom field.
          - ONE-OF:
            - name: strValue | type: string | description: Text value.
            - name: numValue | type: number | description: Numeric value.
            - name: dateValue | type: Date | description: Date/time value.
            - name: listValue | type: ListValue | description: List of values.
              - name: value | type: array | description: List of custom values.
            - name: mapValue | type: MapValue | description: Key-value pairs.
              - name: value | type: Map | description: Map of custom field values.
            - name: boolValue | type: boolean | description: Bool value
      - name: secondaryEmails | type: array | description: Additional email addresses for the member.
        - name: email | type: string | description: Secondary email address.
        - name: tag | type: EmailTag | description: Email tag.
          - enum: UNTAGGED, MAIN, HOME, WORK
      - name: phonesV2 | type: array | description: Phone numbers associated with the member.
        - name: countryCode | type: string | description: Country code for the phone number.
        - name: phone | type: string | description: Phone number without country code.
        - name: tag | type: PhoneTag | description: Phone tag.
          - enum: UNTAGGED, MAIN, HOME, MOBILE, WORK, FAX
      - name: addresses | type: array | description: Physical addresses for the member.
        - name: address | type: Address | description: Physical address details.
          - name: city | type: string | description: none
          - name: subdivision | type: string | description: none
          - name: country | type: string | description: none
          - name: postalCode | type: string | description: none
          - name: addressLine2 | type: string | description: none
        - name: tag | type: AddressTag | description: Address tag.
          - enum: UNTAGGED, HOME, WORK, BILLING, SHIPPING
      - name: company | type: string | description: Company name.
      - name: position | type: string | description: Position within company.
      - name: birthdate | type: string | description: Member's birth date in `YYYY-MM-DD` format.
      - name: slug | type: string | description: URL-friendly slug for the member's profile.
      - name: subscription | type: boolean | description: Whether the member consents to receive marketing communications.
      - name: vatId | type: string | description: Tax GUID or VAT number for personal or corporate use.
    - name: email | type: Email | description: Identity email address.
      - name: address | type: string | description: Email address.
      - name: isVerified | type: boolean | description: Whether the email address is verified.
    - name: status | type: StatusV2 | description: Identity's current status.
      - name: name | type: StatusName | description: Descriptive name of the identity status.
        - enum:
          - UNKNOWN_STATUS: Unknown status. This value isn't used.
          - PENDING: Identity is pending verification, owner approval, or both.
          - ACTIVE: Identity is active and can log in.
          - DELETED: Identity is deleted. This identity can't log in.
          - BLOCKED: Identity is blocked. This identity can't log in.
          - OFFLINE: Identity is offline. This identity can't log in.
      - name: reasons | type: array | description: Reasons for the current identity status.
        - enum:
          - UNKNOWN_REASON: Unknown reason. This value isn't used.
          - PENDING_ADMIN_APPROVAL_REQUIRED: The identity is waiting for admin approval. After the approval, the identity has an `ACTIVE` status.
          - PENDING_EMAIL_VERIFICATION_REQUIRED: The identity has to verify the email. After the verification, the identity has an `ACTIVE` status.
    - name: factors | type: array | description: Identity verification factors.
      - name: factorId | type: string | description: Factor GUID.
      - name: type | type: FactorType | description: Factor type.
        - enum:
          - PASSWORD: Requires a password.
          - SMS: Requires a code sent via SMS.
          - CALL: Requires a code sent by phone call.
          - EMAIL: Requires a code sent by email.
          - TOTP: Requires authentication via an authenticator app.
          - PUSH: Requires authentication via a push notification.
          - WEBAUTHN: Requires authentication via WebAuthn/passkey.
          - RECOVERY_CODE: Requires a recovery code.
      - name: status | type: Status | description: Factor status.
        - enum:
          - INACTIVE: Factor requires activation.
          - ACTIVE: Factor is active and can be used for authentication.
          - REQUIRE_REENROLL: Factor is blocked and cannot be used for authentication. The user should reenroll the factor.
  - name: additionalData | type: Map | description: Additional data relevant to the login or registration process.
    - ONE-OF:
      - name: strValue | type: string | description: String value.
      - name: numValue | type: number | description: Number value.
      - name: dateValue | type: Date | description: Date value.
      - name: listValue | type: ListValue | description: List value.
        - name: value | type: array | description: Custom value.
      - name: mapValue | type: MapValue | description: Map value.
        - name: value | type: Map | description: Mapped custom value.

Possible Errors:
HTTP Code: 400 | Status Code: INVALID_ARGUMENT | Application Code: INVALID_AUTHENTICATOR_ID | Description: Authenticator GUID is missing or invalid.
HTTP Code: 400 | Status Code: INVALID_ARGUMENT | Application Code: PROVIDE_TENANT_ID | Description: Can't resolve tenant. For users, provide a valid Wix domain in the request. For members, provide a MSGUID in the request.
HTTP Code: 401 | Status Code: UNAUTHENTICATED | Application Code: WIX_EMPLOYEE_PASSWORD_LOGIN_NOT_ALLOWED | Description: Wix employees must use Google SSO to login and cannot use password authentication.
HTTP Code: 401 | Status Code: UNAUTHENTICATED | Application Code: REENROLLMENT_REQUIRED_BY_ADMIN | Description: Admin requires re-enrollment for this identity.
HTTP Code: 403 | Status Code: PERMISSION_DENIED | Application Code: CAPTCHA_TOKEN_REQUIRED | Description: The reCAPTCHA token is required.
HTTP Code: 403 | Status Code: PERMISSION_DENIED | Application Code: INVALID_CAPTCHA_TOKEN | Description: The reCAPTCHA token is invalid or expired.
HTTP Code: 429 | Status Code: RESOURCE_EXHAUSTED | Application Code: THROTTLED_FEATURE | Description: Too many requests. Try again later.
HTTP Code: 500 | Status Code: INTERNAL | Application Code: TRUSTED_CLIENTS_ONLY | Description: This method is available only to trusted clients.
```

### Examples

### loginV2

```javascript
import { authentication } from '@wix/identity';

async function loginV2(loginId, options) {
  const response = await authentication.loginV2(loginId, options);
  // Hand the response back so the caller can check `state` before using `sessionToken`.
  return response;
}
```

### loginV2 (with elevated permissions)

```javascript
import { authentication } from '@wix/identity';
import { auth } from '@wix/essentials';

async function myLoginV2Method(loginId, options) {
  // Wrap the method so the call runs with elevated permissions.
  const elevatedLoginV2 = auth.elevate(authentication.loginV2);
  const response = await elevatedLoginV2(loginId, options);
  return response;
}
```

### loginV2 (self-hosted)

Self-hosted SDK calls require you to [create a client](https://dev.wix.com/docs/sdk/articles/work-with-the-sdk/about-the-wix-client.md).

```javascript
import { createClient } from '@wix/sdk';
import { authentication } from '@wix/identity';
// Import the auth strategy for the relevant access type
// Import the relevant host module if needed

const myWixClient = createClient({
  modules: { authentication },
  // Include the auth strategy and host as relevant
});

async function loginV2(loginId, options) {
  const response = await myWixClient.authentication.loginV2(loginId, options);
  return response;
}
```

---
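The schema states that `sessionToken` is undefined unless `state` is `SUCCESS`, and it lists the application codes a login can fail with. The following is an added example, not code from Wix, showing one way to act on both and to log a response without tokens or profile data. The helpers `interpretLoginResult`, `classifyLoginError` and `redactForLog`, the action names, and the sample responses are hypothetical or constructed; how the application code is read from a thrown SDK error is left to the caller because this page does not show it.

```javascript
// Added example; helper and action names are hypothetical, not Wix SDK APIs.

// Non-SUCCESS states from the StateType enum that need a follow-up step.
const FOLLOW_UP_ACTIONS = new Map([
  ['REQUIRE_EMAIL_VERIFICATION', 'PROMPT_EMAIL_VERIFICATION'],
  ['REQUIRE_OWNER_APPROVAL', 'AWAIT_OWNER_APPROVAL'],
]);

// Application codes from the "Possible Errors" list that a client can act on.
const ERROR_ACTIONS = new Map([
  ['CAPTCHA_TOKEN_REQUIRED', { action: 'SHOW_CAPTCHA', retry: true }],
  ['INVALID_CAPTCHA_TOKEN', { action: 'SHOW_CAPTCHA', retry: true }],
  ['THROTTLED_FEATURE', { action: 'BACK_OFF', retry: true }],
  ['REENROLLMENT_REQUIRED_BY_ADMIN', { action: 'START_REENROLLMENT', retry: false }],
]);

// Decide what the caller may do with a loginV2 response. A session token is
// released only when state is exactly SUCCESS; everything else fails closed.
function interpretLoginResult(response) {
  const state = response && typeof response.state === 'string'
    ? response.state
    : 'UNKNOWN_STATE';

  if (state === 'SUCCESS') {
    const token = response.sessionToken;
    if (typeof token === 'string' && token.length > 0) {
      return { action: 'EXCHANGE_SESSION_TOKEN', sessionToken: token };
    }
    // SUCCESS without a token is inconsistent, so no session is created.
    return { action: 'REJECT', reason: 'SUCCESS_WITHOUT_SESSION_TOKEN' };
  }

  if (FOLLOW_UP_ACTIONS.has(state)) {
    // Never forward sessionToken here, even if a response carries one.
    return {
      action: FOLLOW_UP_ACTIONS.get(state),
      stateToken: typeof response.stateToken === 'string' ? response.stateToken : null,
    };
  }
  return { action: 'REJECT', reason: state };
}

// Map an application code to a client action; unknown codes are terminal.
function classifyLoginError(applicationCode) {
  return ERROR_ACTIONS.get(applicationCode) || { action: 'FAIL', retry: false };
}

// Build a log record without tokens, email address, or profile data.
function redactForLog(response) {
  const identity = (response && response.identity) || {};
  return {
    state: response ? response.state : undefined,
    // The SDK names the field `_id`; the REST response names it `id`.
    identityId: identity._id !== undefined ? identity._id : identity.id,
    emailVerified: identity.email ? identity.email.isVerified : undefined,
    status: identity.status ? identity.status.name : undefined,
    factorTypes: (identity.factors || []).map((factor) => factor.type),
    hasSessionToken: Boolean(response && typeof response.sessionToken === 'string'),
  };
}

// Constructed sample responses (not captured from a real site).
const SAMPLE_SUCCESS = {
  state: 'SUCCESS',
  sessionToken: 'constructed-session-token',
  identity: {
    _id: 'constructed-identity-id',
    email: { address: 'member@example.com', isVerified: true },
    status: { name: 'ACTIVE' },
    factors: [{ factorId: 'constructed-factor-id', type: 'PASSWORD', status: 'ACTIVE' }],
  },
};
const SAMPLE_PENDING = {
  state: 'REQUIRE_EMAIL_VERIFICATION',
  stateToken: 'constructed-state-token',
  sessionToken: 'must-not-be-used',
};

console.log(interpretLoginResult(SAMPLE_SUCCESS).action);
console.log(interpretLoginResult(SAMPLE_PENDING));
console.log(classifyLoginError('THROTTLED_FEATURE'));
console.log(redactForLog(SAMPLE_SUCCESS));
```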