Skip to main content
POST
/
api
/
v3
/
admin
/
auth
/
login
Spree Admin SDK
import { createAdminClient } from '@spree/admin-sdk'

const client = createAdminClient({
  baseUrl: 'https://your-store.com',
  secretKey: 'sk_xxx',
})

// The refresh token is set as an HttpOnly cookie; only `token` and `user` come back in the body.
const auth = await client.auth.login({
  email: 'admin@example.com',
  password: 'password123',
})
spree api post /auth/login -d '{"email":"admin@example.com","password":"password123"}'
{
  "token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJ1c2VyX3R5cGUiOiJhZG1pbiIsImp0aSI6IjEzMDhlYWVmLWI1ZjctNGQyNS05MWZhLWUyZDYzODMwYTc3MiIsImlzcyI6InNwcmVlIiwiYXVkIjoiYWRtaW5fYXBpIiwiZXhwIjoxNzgzNDUyNDU2fQ.l-HY0V9Q59sLe-lRCsjq0b-qx7fdmGEESlFc3rAv4U4",
  "user": {
    "id": "admin_UkLWZg9DAJ",
    "email": "admin@example.com",
    "first_name": "Aaron",
    "last_name": "Feest",
    "full_name": "Aaron Feest",
    "selected_locale": null,
    "created_at": "2026-07-07T19:22:35.775Z",
    "updated_at": "2026-07-07T19:22:35.775Z",
    "avatar_url": null,
    "roles": [
      {
        "id": "role_UkLWZg9DAJ",
        "name": "admin"
      }
    ]
  }
}
{
  "error": {
    "code": "authentication_failed",
    "message": "Invalid email or password"
  }
}

Authorizations

x-spree-api-key
string
header
required

Secret API key for admin access

Headers

x-spree-api-key
string
required

Body

application/json

Built-in email/password authentication (default when provider is omitted).

email
string<email>
required
Example:

"admin@example.com"

password
string
required
Example:

"password123"

provider
enum<string>
default:email
Available options:
email

Response

login successful

token
string
required

JWT access token

user
object
required