Log in

POST /user/login
curl --request POST \
  --url https://api.4casters.io/user/login \
  --header 'Content-Type: application/json' \
  --data '
{
  "username": "your_username",
  "password": "your_password"
}
'
{
  "data": {
    "user": {
      "id": "<string>",
      "username": "<string>",
      "displayBalance": 123,
      "creditLimit": 123,
      "liability": 123,
      "commissionCharged": 123,
      "maxLiability": 123,
      "matchedVolume": {},
      "openInterest": {},
      "isAdmin": true,
      "hasMarketMakerAccess": true,
      "isPro": true,
      "isDeposit": true,
      "isAlphaUser": true,
      "sportsbookDefault": true,
      "defaultRotationNumbers": true,
      "displayRotationNumbers": true,
      "viewOddsWithCommission": true,
      "defaultExpiry": 123,
      "defaultOffer": 123,
      "defaultSendOrderMessage": true,
      "sportsbookMinimumDisplay": 123,
      "showChatLastMessage": true,
      "yesNoSummary": true,
      "accessCode": "<string>",
      "code": "<string>",
      "p2pCode": "<string>",
      "createdAt": "2023-11-07T05:31:56Z",
      "emailConfirmation": true,
      "auth": "<string>",
      "email": "[email protected]",
      "passwordSecurityChecks": {}
    }
  }
}

To use any authenticated route you need an auth token. Tokens are obtained by logging in and are valid for 30 days, after which a fresh login is required.

Log in

POST /user/login
curl -X POST https://api.4casters.io/user/login \
  -H "Content-Type: application/json" \
  -d '{"username": "your_username", "password": "your_password"}'

Request

username (string, required): Account username (or email).
password (string, required): Account password.

Response

The token is returned both as data.user.auth and as a signed auth cookie (Set-Cookie). For most server-side integrations you’ll want to capture data.user.auth and discard the cookie.
{
  "data": {
    "user": {
      "id": "5fe37acbb5a23600123662c1",
      "username": "your_username",
      "auth": "5cd551d6...",
      "type": "p2p",
      "oddsFormat": "american",
      "displayBalance": 1250.50,
      "creditLimit": 500,
      "liability": -125.00,
      "commissionCharged": 0.01,
      "hasMarketMakerAccess": false,
      "isPro": false,
      "createdAt": "2020-12-23T17:14:09.000Z"
    }
  }
}
See User in the OpenAPI schema for every field.

Error responses

Status  Meaning
400     username and password are required.
401     Username or password is incorrect.
403     Account banned, locked, or closed.
429     Login rate-limit exceeded.

Authorizing requests

Pass the token from data.user.auth on every subsequent request. Three header / payload formats are accepted, in this order of preference:

If no token is provided, or the token is unknown / expired, the server responds with 401 InvalidCredentials.

Token rotation

Authenticated requests with tokens older than 30 days automatically rotate to a new token. When this happens, the new token is returned in the X-Auth-Token response header (and as an updated signed auth cookie). Long-lived integrations should watch for this header and persist the new value.
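
The rotation handling described above, as an added example (not 4casters' own code): it works on a response's status, headers and body rather than sending requests, so it assumes nothing about how the token is passed. TokenStore, handle_login and handle_response are hypothetical names, and the error mapping is taken from the table on this page.

```python
import json, os, tempfile

# Login error statuses and meanings as listed on this page.
LOGIN_ERRORS = {400: "username and password are required",
                401: "username or password is incorrect",
                403: "account banned, locked, or closed",
                429: "login rate-limit exceeded"}

class TokenStore:  # hypothetical helper, not part of the 4casters API
    """Keeps the current token in a file only the owning user can read."""
    def __init__(self, path):
        self.path = os.path.abspath(path)

    def load(self):
        try:
            with open(self.path) as f:
                return json.load(f)["auth"]
        except (FileNotFoundError, KeyError, ValueError):
            return None

    def save(self, token):
        # mkstemp creates the file with mode 0600; os.replace swaps it in
        # atomically, so a crash never leaves a half-written token file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path))
        with os.fdopen(fd, "w") as f:
            json.dump({"auth": token}, f)
        os.replace(tmp, self.path)

    def clear(self):
        if os.path.exists(self.path):
            os.remove(self.path)

def handle_login(store, status, body):
    """Store data.user.auth from a login response; raise on an error status."""
    if status >= 400:
        raise PermissionError(f"login failed ({status}): "
                              f"{LOGIN_ERRORS.get(status, 'unexpected status')}")
    token = json.loads(body)["data"]["user"]["auth"]
    store.save(token)
    return token

def handle_response(store, status, headers):
    """Run after every authenticated call: 'ok', 'rotated' or 'relogin'."""
    if status == 401:          # token unknown, expired or logged out
        store.clear()
        return "relogin"
    # HTTP header names are case-insensitive, so normalise before lookup.
    new = {k.lower(): v for k, v in headers.items()}.get("x-auth-token")
    if new and new != store.load():
        store.save(new)        # persist the rotated token; never log it
        return "rotated"
    return "ok"
```

Call handle_response with the status and headers of every authenticated response; a "relogin" result means the stored token was discarded and a fresh POST /user/login is needed.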

Logging out

POST /user/logout invalidates the current token. Subsequent requests with that token return 401.

Body

application/json
username (string, required)
password (string<password>, required)

Response

Login successful. The auth token is returned both as data.user.auth and as a signed auth cookie.

data (object)