# Login

Endpoint: POST login
Version: v1
Security: X-Signature

## Header parameters:

  - `X-Signature` (string, required)
    Example: "X-Signature: t=1492774577,v1=5257a869..."

## Request fields (application/json):

  - `version` (string)
    The version of the event.
    Example: "1"

  - `id` (string)
    The unique identifier for the event. This can be used as an idempotency key.
    Example: "c478966c-f927-411c-b919-179832d3d50c"

  - `timestamp` (integer)
    When the event occurred, formatted as a UNIX timestamp (in seconds).
    Example: 1698604061

  - `category` (string)
    The category of the event.
    Enum: "ACTIVITY"

  - `description` (string)
    The description of the event. Note: this is subject to change and should not be used to match on this object.
    Example: "user@example.com logged into https://login.com using a password"

  - `object` (string)
    The object that was created.
    Enum: "LOGIN"

  - `friendlyName` (string)
    The friendly name of this object. Note: this is subject to change and should not be used to match on this object.
    Example: "Login"

  - `new` (object)
    This object represents a login event, indicating when an employee accesses an application by logging in.

  - `new.employeeId` (string)
    Identifier of employee who used this account
    Example: "72d0347a-2663-4ef5-b1c5-df39163f1603"

  - `new.accountId` (string,null)
    Identifier for the account that was logged into. This value is null when workApp=false.
    Example: "37cda962-7e78-49bc-8721-1becd16276a3"

  - `new.appType` (string,null)
    The app associated with this account. This value is null when workApp=false.
    Example: "ATLASSIAN"

  - `new.appId` (string,null)
    The identifier of the app associated with this account. This value is null when workApp=false.
    Example: "2a2197de-ad2c-47e4-8dcb-fb0f04cf83e0"

  - `new.email` (string)
    The email address used to log into the account
    Example: "john.hill@example.com"

  - `new.loginTimestamp` (integer)
    When the login occurred. Formatted as a UNIX timestamp (in seconds).
    Example: 1698064423

  - `new.loginUrl` (string)
    The URL where the login took place.
    Example: "https://www.example.com/login"

  - `new.workApp` (boolean)
    Whether the app is recognized as a commonly used work app. [Learn more](https://pushsecurity.com/integration/supported/).
    Example: true

  - `new.passwordManuallyTyped` (boolean,null)
    Whether the password was manually typed (or a password manager was used). This value is null if password authentication was not used.
    Example: true

  - `new.passwordManager` (string,null)
    The password manager used to log in. This value is null if a password manager was not detected.
    Enum: "ARC_BUILTIN", "BITWARDEN", "BRAVE_BUILTIN", "CHROME_BUILTIN", "CLIPBOARD_PASTE", "DASHLANE", "EDGE_BUILTIN", "FIREFOX_BUILTIN", "ISLAND_BUILTIN", "KEEPER", "LASTPASS", "OKTA", "ONEPASSWORD", "OPERA_BUILTIN", "PRISMA_ACCESS_BUILTIN", "SAFARI_BUILTIN", "UNKNOWN"

  - `new.weakPassword` (boolean,null)
    True if the password used was considered weak. This value is null if password authentication was not used.
    Example: true

  - `new.weakPasswordReasons` (array,null)
    Reasons a password is weak. This value is null if weakPassword is false or null.
    Enum: "COMMON_BASE_WORD", "BANNED_BASE_WORD"

  - `new.leakedPassword` (boolean,null)
    Whether the password used on the account has been leaked in a data breach or not. This value is null if password authentication is not used.
    Example: true

  - `new.loginType` (string,null)
    All possible ENUM values for login types
    Enum: "OIDC_LOGIN", "SAML_LOGIN", "PASSWORD_LOGIN", "FEDCM_LOGIN"

  - `new.identityProvider` (string,null)
    The identity provider used to authenticate. This value is null if password authentication was used.
    Example: "OKTA"

  - `new.sourceIpAddress` (string)
    The IP address of the user logging in.
    Example: "8.158.25.38"

  - `new.browser` (any)
    The browser used by the employee
    Enum: "CHROME", "FIREFOX", "EDGE", "SAFARI", "OPERA", "BRAVE", "ARC", "ISLAND", "PRISMA_ACCESS", "UNKNOWN"

  - `new.os` (any)
    The OS used by the employee
    Enum: "MACOS", "WINDOWS", "LINUX", "CHROME_OS", "IOS", "ANDROID", "UNKNOWN"

  - `new.userAgent` (string)
    The user agent string reported by the browser
    Example: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299"

  - `new.passwordId` (string,null)
    The identifier of the password used to login.  This value is null if password authentication was not used.
    Example: "9c816f55-7453-49e5-bc60-6b1b9b38cadc"

  - `new.passwordChanged` (boolean,null)
    Whether the password has changed since the last login on this browser. This value is null if unavailable.
    Example: true


## Response 2XX fields