Login Endpoint
The login endpoint authenticates a vendor using their Triand account credentials and returns a Bearer token (PJWT) for subsequent API calls.
Endpoint
POST https://api.triand.com/v1/login
Headers
| Header | Required | Description |
|---|---|---|
| x-api-key | Yes | Your vendor API key |
| Content-Type | Yes | application/json |
| Authorization | No | Not required — the login endpoint generates the Bearer token |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
| string | Yes | Your Triand account email address | |
| password | string | Yes | Your Triand account password |
Response
A successful login returns:
{
"actionOk": true,
"error": [],
"pjwt": "eyJhbGciOiJIUzUxMiI...",
"expiresIn": 86400
} | Field | Type | Description |
|---|---|---|
| actionOk | boolean | true on success |
| error | string[] | Error codes (empty on success) |
| pjwt | string | Bearer token for subsequent API calls |
| expiresIn | number | Token validity in seconds (86400 = 24 hours) |
Example: curl
curl -X POST https://api.triand.com/v1/login \
-H "Content-Type: application/json" \
-H "x-api-key: YOUR_API_KEY" \
-d '{
"email": "vendor@example.com",
"password": "your-password"
}' Example: JavaScript fetch
const response = await fetch('https://api.triand.com/v1/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': 'YOUR_API_KEY',
},
body: JSON.stringify({
email: 'vendor@example.com',
password: 'your-password',
}),
})
const { pjwt, expiresIn } = await response.json()
// Use the pjwt for subsequent API calls:
const students = await fetch('https://api.triand.com/v1/students', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'x-api-key': 'YOUR_API_KEY',
'Authorization': `Bearer ${pjwt}`,
},
body: JSON.stringify({ limit: 5, districtlea: '1503000' }),
}) Token Expiry and Re-Login
The PJWT token expires after 24 hours (expiresIn: 86400 seconds). When the token expires, your API calls will return a 401 invalid-token error. At that point, call POST /v1/login again to obtain a fresh token.
Best practice: Cache the PJWT and re-authenticate proactively before it expires, rather than waiting for a 401 error. Track the expiresIn value to know when to refresh.
Error Responses
| Error Code | Cause |
|---|---|
| missing-credentials | Email or password was not provided |
| invalid-credentials | Email not found or password is incorrect |
| no-vendor-account | User exists but has no approved vendor account |
| vendor-not-active | Vendor account is suspended or disabled |