# UserLoginTokens

## Introduction

`UserLoginTokens` are short-lived, user-specific tokens that allow a browser to log in a [User](/api-reference/users.md) without entering credentials. They are typically used for auto-login URLs or SSO-like flows where an application needs to sign in a [User](/api-reference/users.md) in a standard web context.

User login tokens are intended for one-time use: when a token is used during a login, it is soft deleted so it cannot be reused. Tokens are also invalid after their configured expiration time.

For usage examples see the [Login By User Login Token](/introduction/authorization/third-party-login.md#login-by-user-login-token) section.

{% hint style="info" %}
The actual login token (the secret the browser uses to perform the login) is only returned in the response payload of the create action. It is provided under the key `token` in the JSON response and is not present on list or show responses. Store or forward this `token` securely immediately after creation because it will not be retrievable later.
{% endhint %}

## Model Definition

### Relations

| Key         | Relation                        | Type       | Relation Field(s) |
| ----------- | ------------------------------- | ---------- | ----------------- |
| `user`      | [User](/api-reference/users.md) | Belongs to | `user_id`         |
| `loginUser` | [User](/api-reference/users.md) | Belongs to | `login_user_id`   |

### Traits

* `SoftDeletes`

## \[Adm.] List

Get a list of all `UserLoginTokens`.

**Definition**

<mark style="color:green;">`GET`</mark> `/api/administration/users/login-tokens`

**Example Request**

{% tabs %}
{% tab title="PHP" %}

```php
$client = new GuzzleHttp\Client(['base_uri' => 'https://{tenant}.intratool.de']);
$response = $client->request('GET', '/api/administration/users/login-tokens', [
    'headers' => ['Authorization' => "Bearer {accessToken}"]
]);
```

{% endtab %}
{% endtabs %}

**Example Response**

```json
[
  {
    "uuid": "a046c716-db7a-4a1e-b8e1-52b2573ced74",
    "user_id": 2,
    "login_user_id": 3,
    "expires_at": "2025-11-01 12:05:00",
    "created_at": "2025-11-01 12:00:00",
    "updated_at": "2025-11-01 12:00:00",
    "deleted_at": null
  },
  {
    "uuid": "a048cad0-ddac-4b85-a81b-169bbe639023",
    "user_id": 2,
    "login_user_id": 4,
    "expires_at": "2025-11-01 12:20:00",
    "created_at": "2025-11-01 12:15:00",
    "updated_at": "2025-11-01 12:15:00",
    "deleted_at": null
  }
]
```

## \[Adm.] Show

Show a single `UserLoginToken` by `uuid`.

**Definition**

<mark style="color:green;">`GET`</mark> `/api/administration/users/login-tokens/{uuid}`

**Example Request**

{% tabs %}
{% tab title="PHP" %}

```php
$client = new GuzzleHttp\Client(['base_uri' => 'https://{tenant}.intratool.de']);
$response = $client->request('GET', '/api/administration/users/login-tokens/a046c716-db7a-4a1e-b8e1-52b2573ced74', [
    'headers' => ['Authorization' => "Bearer {accessToken}"]
]);
```

{% endtab %}
{% endtabs %}

**Example Response**

```json
{
  "uuid": "a046c716-db7a-4a1e-b8e1-52b2573ced74",
  "user_id": 2,
  "login_user_id": 3,
  "expires_at": "2025-11-01 12:05:00",
  "created_at": "2025-11-01 12:00:00",
  "updated_at": "2025-11-01 12:00:00",
  "deleted_at": null
}
```

## \[Adm.] Create

Create a new `UserLoginToken` for a [User](/api-reference/users.md).

**Definition**

<mark style="color:yellow;">`POST`</mark> `/api/administration/users/login-tokens`

**Request Keys**

| Key                | Type    | Default | Description                                                                           |
| ------------------ | ------- | ------- | ------------------------------------------------------------------------------------- |
| `login_user_id` \* | integer | -       | The `ID` of the [User](/api-reference/users.md) to login.                             |
| `expires_in` \*    | integer | -       | The amount of seconds until the login token expires (between 1 and 86400 (24 hours)). |

Keys with `*` are required.

**Example Request**

{% tabs %}
{% tab title="PHP" %}

```php
$client = new GuzzleHttp\Client(['base_uri' => 'https://{tenant}.intratool.de']);
$response = $client->request('POST', '/api/administration/users/login-tokens', [
    'headers' => ['Authorization' => "Bearer {accessToken}"],
    'json' => [
        'login_user_id' => 5,
        'expires_in' => 300
    ]
]);
```

{% endtab %}
{% endtabs %}

**Example Response**

```json
{
  "uuid": "a04a835e-65f0-4b8f-a476-f19de1c9a3ec",
  "user_id": 2,
  "login_user_id": 5,
  "expires_at": "2025-11-01 12:35:00",
  "created_at": "2025-11-01 12:30:00",
  "updated_at": "2025-11-01 12:30:00",
  "token": "eyJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE3NjI4NjI1MTUsIm5iZiI6MTc2Mjg2MjUxNSwiZXhwIjoxNzYyODYyNjM1LCJpc3MiOiJodHRwczpcL1wvdGVzdC5pbnRyYXRvb2wudGVzdFwvIiwiYXVkIjoiaHR0cHM6XC9cL3Rlc3QuaW50cmF0b29sLnRlc3RcLyIsImp0aSI6IjEzZTRlNTdiLWYyMDEtNDVlYi1iZDlkLWY5OGUzYTgxOWU2NyIsImx0aSI6ImEwNTRkNzY2LWUzNTItNDIzYy04NmRiLTM4YTIzOTRhNmM2YSIsInN1YiI6M30.NX_N6TPcbezWuhONbyB_BZnvc8tfEtg-RdvGw6VjMX3yfdkD-ZNOkBxvMSbt81bSDNSxk3JIJtME2wjhTA4GatU4wFM-RUT1ABK_iXd_t7LpjLR6K2BlFUyQL9Lkk-LvbkKm0-uQYNrsCw4rqmG5R_tCvcsNpYEUPwmpzWfFuqJsGD6pVCMPNtVAKCPEhV_2FN2QNTd-SdncrbnxFY_F0-WBFEhlC1xIvguWMDSu2yTmGXJwNkRt_Y-9z6TbRjmAJ_g657zCzgRSzh6yYJtrEjWCsB1cku5eFqLTboiHTsr362uXhJnvm0oPJZ4wBiGMxSsdYSZJpxz0CopTsauDnOT-lhkpUdSxFmwo2HEry_f29O5Imb4ETtvzgu4_gyqAg0kG4rFuu548EIRXLbjxCGE4EqlKoNQMHwDSeEZQOs8Pj3QufZuE-UyC4T0iMQEvOmX0HAzfxLWeVA8x6ZXycwoyYDC-3k_5BNL4mm9bZ6dxQdpYjEEnjPao4-VRyUqYtNiUeduWP1Jv98KApbr6tN5Jfatxg0NVjpSmjUi5oQslHAs8x-jijlDiliuwuBrgo9atn2YXw7jAcAttbFE7HFrvY6EC2czwZ534R_9caTL2_ecCpxpm1eti2jzjXYPty3gDDdwQzyF2FB7hWH2aGxFf9RXPYN0BxoeO4YVMyOY"
}
```

{% hint style="info" %}
The actual login token is provided under the key `token` in the JSON response. Store this `token` securely immediately after creation because it will not be retrievable later.
{% endhint %}

## \[Adm.] Create By Email

Create a new `UserLoginToken` for a [User](/api-reference/users.md)'s email.

**Definition**

<mark style="color:yellow;">`POST`</mark> `/api/administration/users/login-tokens/email`

**Request Keys**

| Key                   | Type    | Default | Description                                                                           |
| --------------------- | ------- | ------- | ------------------------------------------------------------------------------------- |
| `login_user_email` \* | string  | -       | The `email` of the [User](/api-reference/users.md) to login.                          |
| `expires_in` \*       | integer | -       | The amount of seconds until the login token expires (between 1 and 86400 (24 hours)). |

Keys with `*` are required.

**Example Request**

{% tabs %}
{% tab title="PHP" %}

```php
$client = new GuzzleHttp\Client(['base_uri' => 'https://{tenant}.intratool.de']);
$response = $client->request('POST', '/api/administration/users/login-tokens/email', [
    'headers' => ['Authorization' => "Bearer {accessToken}"],
    'json' => [
        'login_user_email' => 'user.6@example.com',
        'expires_in' => 300
    ]
]);
```

{% endtab %}
{% endtabs %}

**Example Response**

```json
{
  "uuid": "a04b35a7-37c1-4b93-be9a-1b0afe73135e",
  "user_id": 2,
  "login_user_id": 6,
  "expires_at": "2025-11-01 12:50:00",
  "created_at": "2025-11-01 12:45:00",
  "updated_at": "2025-11-01 12:45:00",
  "token": "eyJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE3NjI4NjIyODcsIm5iZiI6MTc2Mjg2MjI4NywiZXhwIjoxNzYyODYyNDA3LCJpc3MiOiJodHRwczpcL1wvdGVzdC5pbnRyYXRvb2wudGVzdFwvIiwiYXVkIjoiaHR0cHM6XC9cL3Rlc3QuaW50cmF0b29sLnRlc3RcLyIsImp0aSI6IjliMWEyZjFlLTNiZGEtNGRjMC1hYjRhLWM0NjdkYmIyODQwZiIsImx0aSI6ImEwNTRkNjBiLTNiODYtNGQyNS1iM2U5LTdmOGRhZjVkYzgxZiIsInN1YiI6M30.Ih_WS7xVsk6h_5PlS6L6d27GaUz8UOUmswsts3s1Ztdn45dfPzggr_3WdOXfEnSm-7RoFPEShIq8tupQmW8HVHaF5oPFxSpgkS-aQdRS7mx8qeBpI6KTb4OFKuOHlA6qBUvt9AIxnRxOAQl2BeGwTM1MlCMCf6dcAN-bYJ2hZYSExoh3tT8xDna-_l2jXIA8_LkrmsIxK3dCVdT-7KtMSnsf4ULCuPTAswe0FtqBFNG_yxIx6fjBn_KBfoCb2OdwVM-rFyyh6JIArbjYR-AOsqARaU1RI-YZGy7EeD7MAqDo75zzgjEPrwkT0aXDNpBkh6FUiYpvv0dsDlSLy_SSR5vDTGVluiDdZOrDrZTxZtkCMmM2DZER1Zrgxp2135eTDX4ckMlOv_aY6NvCOEhy8emirTh6qQmDzHTqpov-pfO6Izf1zUumctC4T0cGMxJImw8VjT3sGvHNLnAejUSf8pVnW2C9Gqn1z9-zBocn2nc3Krt_ChFio0kT-8M4MxiyNPpqIgm6XWXQYLaAjB_S5aQ4c196M7hVOM-CPSKwbn3g1pPXkgoJjbeB78ms93qVBIipVuppAwgWZ-8gJOOSNJGJt7aDfHfkiFjExPTUchH--xp5bvV5y13-YpXyvCPcsqEaAbcutvN5KncvfMZTrRuYyAU1frgokY0rZibuPOs"
}
```

{% hint style="info" %}
The actual login token is provided under the key `token` in the JSON response. Store this `token` securely immediately after creation because it will not be retrievable later.
{% endhint %}

## \[Adm.] Delete

Delete a `UserLoginToken` by `uuid`.

**Definition**

<mark style="color:red;">`DELETE`</mark> `/api/administration/users/login-tokens/{uuid}`

**Example Request**

{% tabs %}
{% tab title="PHP" %}

```php
$client = new GuzzleHttp\Client(['base_uri' => 'https://{tenant}.intratool.de']);
$response = $client->request('DELETE', '/api/administration/users/login-tokens/b123c456-de78-4f90-ab12-3456789abcde', [
    'headers' => ['Authorization' => "Bearer {accessToken}"]
]);
```

{% endtab %}
{% endtabs %}

**Example Response**

```json
{
  "status": "success",
  "data": null
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.api.intratool.de/api-reference/user-login-tokens.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.