---
title: "Authentication API Technical Reference"
description: "The Authentication API accepts a user email address and password and returns a user session token to use with other API endpoints."
meta_title: "Authentication API Technical Reference"
audience: developers
lastUpdated: "2026-04-18T00:30:33.000Z"
---

> **Caution**
>
> <CalloutHeading>The Authentication API is deprecated</CalloutHeading>
>
> This endpoint is temporary and will be removed soon. It generates legacy tokens, which stop working after re-authenticating your Prismic account or changing the password.
>
> Going forward, generate permanent tokens from Settings > API & Security > Write APIs.

***

The endpoint URL for the Authentication API is `https://auth.prismic.io/login` and the method is POST.

In your request headers, set `Content-Type` to `application/json`.

In the request body, include a email and password properties, like so:

```json
{
  "email": "john.doe@your-website.com",
  "password": "yourPassword"
}
```

If the request is successful, you will receive a `200` response containing the user session token.