Skip to main content

API password login provider

This login provider calls an external API to authenticate a flow user by sending the users input from the email and password field on the login UI.


  • authUrl: URL of the API where the user credentials are sent to via an HTTP POST request.
  • sharedSecret: Value of the X-Authorization header that is sent along with the POST request.


Every time a user enters their credentials on the login UI, an HTTP request is made with the following POST data:

"email": "USER_INPUT",
"password": "USER_INPUT"

Also, the X-Authorization HTTP header will be set to the sharedSecret.


Studo Flow expects the following JSON as HTTP response:

  • status: Describes the status of the login response, possible values are: SUCCESS, ERROR, WRONG_CREDENTIALS
  • error: In case status is ERROR, the API can pass a localized error message (see examples), that will be shown on the login page for the user.

Response examples

User credentials are correct

"status": "SUCCESS",
"error": null

User credentials are incorrect

"error": null

Error case (e.g. user credentials were correct, but the user can't log in, because tuition fees need to be paid first)

"status": "ERROR",
"error": {
"en": "In order to sign in, tuition fees must be paid first.",
"de": "Um sich anzumelden, müssen zuerst die Studiengebühren bezahlt werden.",
"sl": "..."