# Sign In

Endpoint: POST /identity/sign-in

Version: 1.0

## Header parameters:

  - `x-fingerprint-id` (string, required)
    Unique device or session fingerprint identifier used for security and fraud prevention.

## Request fields (application/json):

  - `username` (string, required)
    User email or username.

  - `password` (string, required)
    User password.

## Response 200 fields (application/json):

  - `statusCode` (integer)
    Example: 200

  - `data` (object)

  - `data.token` (string)
    JWT access token.

  - `data.refreshToken` (string)
    JWT refresh token.

  - `data.authenticationType` (string)
    Type of token returned.
    Example: "Bearer"

  - `data.account` (object)

  - `data.account.id` (string)
    Account unique identifier.

  - `data.account.username` (string)
    Account username or email.

  - `data.account.status` (string)
    Account status.
    Example: "activated"

  - `data.account.createdAt` (string)
    When the account was created.

  - `data.account.emailHasBeenValidated` (boolean)
    Whether the email has been validated.

  - `data.account.phoneHasBeenValidated` (boolean)
    Whether the phone has been validated.

  - `data.user` (object)

  - `data.user.id` (string)
    User unique identifier.

  - `data.user.name` (string)
    Full name of the user.

  - `data.loggedAt` (string)
    Time when the login occurred.

  - `data.observation` (object)
    Contains information about authentication constraints or requirements.

  - `data.observation.code` (integer)
    Observation code. Possible values:
    - 1 → ALL_RIGHT (no additional action required)
    - 2 → TWO_FACTOR_VERIFICATION_NEEDED (two-factor verification is required)
    - 3 → DEVICE_RECOGNITION_NEEDED (device recognition is required)

    Enum: 1, 2, 3

  - `data.observation.message` (string)
    Human-readable message related to the observation code. Possible values:
    - all right
    - two factor verification needed
    - device recognition needed

    Enum: "all right", "two factor verification needed", "device recognition needed"

## Response 400 fields (application/json):

  - `message` (string)
    Invalid param: []
    Example: "Invalid param: []"

  - `error` (string)
    Bad Request
    Example: "Bad Request"

  - `statusCode` (integer)
    400
    Example: 400

## Response 401 fields (application/json):

  - `message` (string)
    Invalid field
    Example: "Unauthorized"

  - `error` (string)
    Unauthorized
    Example: "Unauthorized"

  - `statusCode` (integer)
    401
    Example: 401

## Response 403 fields (application/json):

  - `message` (string)
    Forbidden resource
    Example: "Forbidden resource"

  - `error` (string)
    Forbidden
    Example: "Forbidden"

  - `statusCode` (integer)
    403
    Example: 403

## Response 500 fields (application/json):

  - `message` (string)
    Internal server error
    Example: "Internal server error"

  - `error` (string)
    Internal Server Error
    Example: "Internal Server Error"

  - `statusCode` (integer)
    500
    Example: 500
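
One way a client could act on `data.observation.code` from the 200 response, as an added example that is not part of the original reference. It assumes tokens are used only when the code is 1 and treats unknown or malformed values as errors; `interpret_sign_in`, `SignInResult`, `sample` and the state names are hypothetical.

```python
# Added example, not the service's own code. Assumption: tokens are used only
# when data.observation.code is 1; codes 2 and 3 mean a further step is pending.
from dataclasses import dataclass
from typing import Optional

# Observation codes documented for the 200 response.
NEXT_STEP = {
    1: "authenticated",                 # ALL_RIGHT
    2: "two_factor_required",           # TWO_FACTOR_VERIFICATION_NEEDED
    3: "device_recognition_required",   # DEVICE_RECOGNITION_NEEDED
}


@dataclass(frozen=True)
class SignInResult:
    state: str  # a NEXT_STEP value, "rejected" or "error"
    token: Optional[str] = None
    refresh_token: Optional[str] = None


def interpret_sign_in(http_status: int, body: object) -> SignInResult:
    """Map a parsed sign-in response to a client state, failing closed."""
    if http_status in (400, 401, 403):
        return SignInResult("rejected")
    data = body.get("data") if isinstance(body, dict) else None
    if http_status != 200 or not isinstance(data, dict):
        return SignInResult("error")
    obs = data.get("observation")
    code = obs.get("code") if isinstance(obs, dict) else None
    # type() check rejects bool (True == 1), floats and unhashable values.
    if type(code) is not int or code not in NEXT_STEP:
        return SignInResult("error")
    if code != 1:
        # Do not hand tokens to the caller before the extra step is done.
        return SignInResult(NEXT_STEP[code])
    token, refresh = data.get("token"), data.get("refreshToken")
    if not all(isinstance(t, str) and t for t in (token, refresh)):
        return SignInResult("error")
    return SignInResult("authenticated", token, refresh)


# Constructed sample bodies (placeholder tokens, not from a real service).
def sample(code: int, message: str) -> dict:
    return {"statusCode": 200, "data": {
        "token": "aaa.bbb.ccc", "refreshToken": "ddd.eee.fff",
        "authenticationType": "Bearer",
        "observation": {"code": code, "message": message}}}
```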