# Session

## Deprecation Notice

1. Starting in GitLab 9.0, this feature will be *disabled* for users with two-factor authentication turned on.
2. These users can access the API using [personal access tokens] instead.

---

You can login with both GitLab and LDAP credentials in order to obtain the
private token.

```
POST /session
```

| Attribute  | Type    | Required | Description |
| ---------- | ------- | -------- | -------- |
| `login`    | string  | yes      | The username of the user|
| `email`    | string  | yes if login is not provided | The email of the user |
| `password` | string  | yes     | The password of the user |

```bash
curl -X POST "https://gitlab.example.com/api/v3/session?login=john_smith&password=strongpassw0rd"
```

Example response:

```json
{
  "name": "John Smith",
  "username": "john_smith",
  "id": 32,
  "state": "active",
  "avatar_url": null,
  "created_at": "2015-01-29T21:07:19.440Z",
  "is_admin": true,
  "bio": null,
  "skype": "",
  "linkedin": "",
  "twitter": "",
  "website_url": "",
  "email": "john@example.com",
  "theme_id": 1,
  "color_scheme_id": 1,
  "projects_limit": 10,
  "current_sign_in_at": "2015-07-07T07:10:58.392Z",
  "identities": [],
  "can_create_group": true,
  "can_create_project": true,
  "two_factor_enabled": false,
  "private_token": "9koXpg98eAheJpvBs5tK"
}
```

[personal access tokens]: ./README.md#personal-access-tokens