Login Authorization

Sellers use this endpoint to obtain an access token. All subsequent API requests require this token in the Authorization header.

Basic Information

Property	Value
Method	POST
Path	/seller/auth/login
Authentication	None (this is the login endpoint)
Content-Type	application/json

Request Body Parameters

Parameter	Type	Required	Description
email	string	Yes	IGV system login email
password	string	Yes	IGV system login password

Request Example

POST /merchant-api/seller/auth/login HTTP/1.1
Host: paas-gateway.imetastore.io
Content-Type: application/json

{
  "email": "[email protected]",
  "password": "your_password"
}

Response Parameters

Parameter	Type	Description
code	string	Return status code. 0000 = success
msg	string	Return message
time	string	Server time (ISO 8601)
data.accessToken	string	Access token for subsequent API calls
data.tokenType	string	Token type, always Bearer
data.expiresIn	number	Token validity period (seconds). Default is 24 hours (86400); always honor the actual expiresIn returned by the server
data.refreshToken	string	Refresh token

Success Response

{
  "code": "0000",
  "msg": "Success",
  "time": "2025-12-17T13:44:16.000Z",
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
    "tokenType": "Bearer",
    "expiresIn": 7200,
    "refreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

Using the Token

Combine tokenType and accessToken into the Authorization header for all subsequent requests:

Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...

Important Notes

Token Management

• The token is not permanent. The expiresIn field indicates validity in seconds. Default validity is 24 hours, but the actual value returned in expiresIn is authoritative.
• When the token expires, call this endpoint again to obtain a new token.
• Cache and reuse the token; do not request a new token before every API call.
• Store tokens securely; never expose them on the client side.