--- title: Signin description: Create a user session by signing in with username and password credentials. url: https://docs.influxdata.com/influxdb/v2/api/signin/ estimated_tokens: 901 product: InfluxDB OSS v2 version: v2 publisher: InfluxData canonical: https://docs.influxdata.com/influxdb/v2/api/signin/ --- [Download InfluxDB API Spec](/openapi/influxdb-oss-v2-api.yml) Create a user session by signing in with username and password credentials. POST`/api/v2/signin` ### Create a user session. Authenticates [Basic authentication credentials](#section/Authentication/BasicAuthentication)for a [user](/influxdb/v2/reference/glossary/#user), and then, if successful, generates a user session. To authenticate a user, pass the HTTP `Authorization` header with the`Basic` scheme and the base64-encoded username and password. For syntax and more information, see [Basic Authentication](#section/Authentication/BasicAuthentication) for syntax and more information. If authentication is successful, InfluxDB creates a new session for the user and then returns the session cookie in the `Set-Cookie` response header. InfluxDB stores user sessions in memory only. They expire within ten minutes and during restarts of the InfluxDB instance. #### User sessions with authorizations * In InfluxDB Cloud, a user session inherits all the user’s permissions for the organization. * In InfluxDB OSS, a user session inherits all the user’s permissions for all the organizations that the user belongs to. #### Related endpoints * [Signout](#tag/Signout) #### Parameters ##### Header parameters `Zap-Trace-Span`string OpenTracing span context Example request[Ask AI about this](#) ```sh curl --request POST \ "http://localhost:8086/api/v2/signin" \ --header "Authorization: Bearer INFLUX_TOKEN" ``` #### Responses 204Success. The user is authenticated. The `Set-Cookie` response header contains the session cookie. 401 Unauthorized. This error may be caused by one of the following problems: * The user doesn’t have access. * The user passed incorrect credentials in the request. * The credentials are formatted incorrectly in the request. `code`requiredstring code is the machine-readable error code. Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type` `err`string Stack of errors that occurred during processing of the request. Useful for debugging. `message`string Human-readable message. `op`string Describes the logical code operation when the error occurred. Useful for debugging. 403Forbidden. The user account is disabled. `code`requiredstring code is the machine-readable error code. Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type` `err`string Stack of errors that occurred during processing of the request. Useful for debugging. `message`string Human-readable message. `op`string Describes the logical code operation when the error occurred. Useful for debugging. defaultUnsuccessful authentication. `code`requiredstring code is the machine-readable error code. Allowed:`internal error`, `not implemented`, `not found`, `conflict`, `invalid`, `unprocessable entity`, `empty value`, `unavailable`, `forbidden`, `too many requests`, `unauthorized`, `method not allowed`, `request too large`, `unsupported media type` `err`string Stack of errors that occurred during processing of the request. Useful for debugging. `message`string Human-readable message. `op`string Describes the logical code operation when the error occurred. Useful for debugging.