Skip to main content

API Key Login

POST /user/login

Authenticates using an API key and returns a JWT token for subsequent API calls.
POST /user/login
Authentication: None Body Parameters
apiKey
string
required
The API key associated with your Mannco.store account. You can generate this from your account settings.

Response

Success Response
{
  "status": "success",
  "data": {
    "jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
  }
}

JWT Token Structure

The JWT token contains the following claims:
ClaimTypeDescription
issstringIssuer — always "API"
substringSteam ID of the user
expintegerExpiration timestamp (31 days from creation)
iatintegerIssued at timestamp
jtistringUnique token identifier (UUID)
ipstringClient IP address
countrystringISO country code
steamidintegerNumeric Steam ID
APIbooleanAlways true for API authentication

Error Responses

StatusMessageDescription
errorMissing required parameter: apiKeyThe apiKey field was not provided
forbiddenInvalid API keyThe provided API key does not exist or is invalid
forbiddenCountry blockedYour country is blocked from accessing the API

Usage Example

cURL
curl -X POST https://mannco.store/user/login \
  -H "Content-Type: application/json" \
  -d '{"apiKey": "your-api-key-here"}'
JavaScript
const response = await fetch('https://mannco.store/user/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    apiKey: 'your-api-key-here'
  })
});

const data = await response.json();
const jwtToken = data.data.jwt;
Python
import requests

response = requests.post('https://mannco.store/user/login', json={
    'apiKey': 'your-api-key-here'
})

data = response.json()
jwt_token = data['data']['jwt']
Store the JWT token securely. It expires after 31 days and must be included in all authenticated API requests.

Using the JWT Token

Once you have obtained a JWT token, include it in subsequent API requests. The exact method depends on how the API is configured, but typically one of:
  1. Cookie: The token may be automatically set as a session cookie
  2. Authorization Header: Authorization: Bearer {token}
  3. Custom Header: Check specific endpoint documentation
Most endpoints in this API require the api permission level, which means they require a valid JWT token obtained through this authentication endpoint.