Obtain a personal access token with email and password, then send it as a Bearer token on protected endpoints.
/api/login
No authentication required. Throttled to protect against brute-force attempts.
{
"email": "api@example.com",
"password": "your-password"
}
HTTP 200
{
"token": "1|aBcDeFgHiJkLmNoPqRsTuVwXyZ...",
"token_type": "Bearer"
}
Include the token on every authenticated request:
Authorization: Bearer 1|aBcDeFgHiJkLmNoPqRsTuVwXyZ...
curl -X POST https://ezforex.your-developer.co.za/api/login \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"email":"api@example.com","password":"your-password"}'