The Nirvahak Login API allows users to securely authenticate and initiate a session with the Nirvahak platform. This is the first step in accessing any protected or user-specific data through Nirvahak’s modules and services.
Upon successful login, the server returns user details along with session context (such as token or user ID), which can be used in subsequent API calls.
Endpoint
Authenticates a user by validating their credentials and initiates a login session.
POST http://<base-url>/app/login.jspParameter Breakdown
These parameters must be sent using application/x-www-form-urlencoded in the POST body.
| Parameter | Type | Required | Description |
| username | string | Yes | The registered mobile number or username. |
| password | string | Yes | The user’s login password. |
Body Format
Sends the login credentials in application/x-www-form-urlencoded format as part of the POST request body.
username=XXXXXXXXXX&password=welcomeRequest (curl)
This CURL command sends a POST request with form-encoded login credentials to authenticate the user via the Nirvahak Login API.
curl -X POST http://<base-url>/app/login.jsp \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "username=XXXXXXXXXX" \
-d "password=welcome"
Request (JavaScript)
A JavaScript fetch example that sends form‑encoded login credentials to the Nirvahak Login API and logs the JSON response.
fetch('https://<base-url>/app/login.jsp', {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: 'username=XXXXXXXXXX&password=welcome'
})
.then(response => response.json())
.then(data => {
console.log(data);
});
Success Response
{
"status": "success",
"userId": "507f191e810c19729de860ea",
"username": "XXXXXXXXXX",
"token": "abc123xyztokenvalue",
"message": "Login successful"
}
Successful Login Response – Fields
status:- Indicates the result of the login request. A value of"success"confirms that authentication was successful.userId:- A unique identifier assigned to the authenticated user by the Nirvahak system. Used to track user-specific operations.username:-The same username or mobile number that was submitted during login. Returned for confirmation.token(optional):- A session or access token returned when token-based authentication is used. This token should be securely stored and included in future API requests for authorization.message:- A human-readable string confirming the success of the login process (e.g.,"Login successful").
Error Response
{
"status": "error",
"message": "Invalid username or password"
}
If the login attempt fails, the API returns a response with a status field set to "error". This indicates that authentication was unsuccessful due to invalid credentials or other related issues. Accompanying the status, the message field explains the cause of the error in plain language—for example, "Invalid username or password"helping the developer or user identify what went wrong and how to correct it.
Security
- Always make requests over HTTPS to protect user credentials.
- Do not store raw passwords in client-side applications or logs.
- If a token is returned, store it securely and use it for authenticated requests.
- Implement login rate-limiting and account lockout policies for extra protection.
Post-login Actions
After login, you may:
- Use the token or session info to call authenticated endpoints
- Fetch user-related metadata or dashboard content
- Initiate modules like data object access, reporting, or workflow tasks