> ## Documentation Index
> Fetch the complete documentation index at: https://docs2.petstoreapi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Token (Login)

> Authenticate user and obtain an access token.



## OpenAPI

````yaml api-reference/modern-petstore-3.1.openapi.json post /auth/tokens
openapi: 3.1.0
info:
  title: Modern Petstore API
  summary: A modern, realistic pet store API demonstrating current best practices
  description: >-
    This is a modern Pet Store API based on the OpenAPI 3.2 specification. It
    demonstrates contemporary API design patterns and best practices including
    RESTful compliance, proper HTTP methods, structured error responses (RFC
    9457), and modern authentication flows.


    Key features include pet catalog browsing, adoption workflow, order
    management, user accounts, AI-powered chat advisor, and real-time event
    notifications via webhooks. The API showcases OpenAPI 3.2 capabilities like
    hierarchical tags, QUERY HTTP method, OAuth device flow, and server-sent
    events.


    Some useful links:

    - [API Documentation](https://docs.petstoreapi.com)

    - [Source Code Repository](https://github.com/petstoreapi/PetstoreAPI)

    - [OpenAPI
    Specification](https://petstoreapi.com/v1/specs/modern-petstore-3.2.openapi.yaml)
  version: 1.0.0
  contact:
    name: Petstore API Support
    url: https://petstoreapi.com/support
    email: support@petstoreapi.com
  license:
    name: MIT
    identifier: MIT
servers:
  - url: https://api.petstoreapi.com/v1
    description: Production server
security:
  - bearerAuth: []
  - oauth2: []
tags:
  - name: Store
    description: Store operations including orders and inventory
  - name: Pet
    description: Pet catalog and management operations
  - name: Payments
    description: Payment processing with polymorphic payment sources
  - name: User
    description: User account management
  - name: Chat
    description: >-
      AI-powered chat completions with streaming support using Server-Sent
      Events (SSE)
    externalDocs:
      description: Learn more about Chat API
      url: https://petstoreapi.com/docs/chat
  - name: Webhooks
    description: Event-driven webhook notifications (OpenAPI 3.2)
    externalDocs:
      description: Learn more about webhooks
      url: https://petstoreapi.com/docs/webhooks
paths:
  /auth/tokens:
    post:
      tags:
        - User
      summary: Create Token (Login)
      description: Authenticate user and obtain an access token.
      operationId: createToken
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - username
                - password
              properties:
                username:
                  type: string
                  description: Login username
                  examples:
                    - johndoe
                password:
                  type: string
                  writeOnly: true
                  description: User password (never returned in responses)
                  examples:
                    - securePassword123
              unevaluatedProperties: false
            example:
              username: kylekinh
              password: SecurePass123!
      responses:
        '200':
          description: Login successful
          content:
            application/json:
              schema:
                type: object
                properties:
                  token:
                    type: string
                    description: Authentication token
                  expiresAt:
                    type: string
                    format: date-time
                    description: Token expiration time
          headers:
            RateLimit-Limit:
              $ref: '#/components/headers/RateLimit-Limit'
            RateLimit-Remaining:
              $ref: '#/components/headers/RateLimit-Remaining'
            RateLimit-Reset:
              $ref: '#/components/headers/RateLimit-Reset'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '422':
          $ref: '#/components/responses/UnprocessableEntity'
        '429':
          $ref: '#/components/responses/TooManyRequests'
      deprecated: false
      security: []
components:
  headers:
    RateLimit-Limit:
      description: The maximum number of requests allowed in the current time window
      schema:
        type: integer
      example: 100
    RateLimit-Remaining:
      description: The number of requests remaining in the current time window
      schema:
        type: integer
      example: 95
    RateLimit-Reset:
      description: The time at which the current rate limit window resets (Unix timestamp)
      schema:
        type: integer
      example: 1702648800
  responses:
    Unauthorized:
      description: Unauthorized - Authentication required
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error'
          examples:
            missing-token:
              summary: Missing authentication token
              value:
                type: https://petstoreapi.com/errors/unauthorized
                title: Unauthorized
                status: 401
                detail: >-
                  Authentication is required to access this resource. Please
                  provide a valid OAuth 2.0 token.
    UnprocessableEntity:
      description: Unprocessable entity - Validation errors
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error'
          examples:
            validation-errors:
              summary: Validation errors
              value:
                type: https://petstoreapi.com/errors/validation-error
                title: Validation Error
                status: 422
                detail: The request body contains validation errors.
                instance: /pets
                errors:
                  - field: name
                    message: Pet name is required
                    code: required_field
                  - field: status
                    message: Invalid status value
                    code: invalid_format
    TooManyRequests:
      description: Too many requests - Rate limit exceeded
      headers:
        RateLimit-Limit:
          $ref: '#/components/headers/RateLimit-Limit'
        RateLimit-Remaining:
          schema:
            type: integer
          example: 0
        RateLimit-Reset:
          $ref: '#/components/headers/RateLimit-Reset'
        Retry-After:
          description: Number of seconds to wait before retrying
          schema:
            type: integer
          example: 60
      content:
        application/problem+json:
          schema:
            $ref: '#/components/schemas/Error'
          examples:
            rate-limit-exceeded:
              summary: Rate limit exceeded
              value:
                type: https://petstoreapi.com/errors/rate-limit-exceeded
                title: Too Many Requests
                status: 429
                detail: >-
                  Rate limit exceeded. Please wait 60 seconds before making
                  another request.
  schemas:
    Error:
      type: object
      description: RFC 9457 Problem Details for HTTP APIs
      required:
        - type
        - title
        - status
      properties:
        type:
          type: string
          format: uri
          description: A URI reference that identifies the problem type
          examples:
            - https://petstoreapi.com/errors/not-found
            - https://petstoreapi.com/errors/validation-error
        title:
          type: string
          description: A short, human-readable summary of the problem
          examples:
            - Resource Not Found
            - Validation Error
        status:
          type: integer
          description: The HTTP status code
          examples:
            - 404
            - 400
            - 422
        detail:
          type: string
          description: A human-readable explanation specific to this occurrence
          examples:
            - The requested pet with ID '123' was not found
        instance:
          type: string
          format: uri
          description: A URI reference that identifies the specific occurrence
          examples:
            - /v1/pets/123
        errors:
          type: array
          description: Detailed validation errors (for 422 responses)
          items:
            type: object
            required:
              - field
              - message
            properties:
              field:
                type: string
                description: The field that failed validation
              message:
                type: string
                description: Description of the validation error
              code:
                type: string
                description: Machine-readable error code
            unevaluatedProperties: false
      unevaluatedProperties: false
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Bearer token authentication using JWT (JSON Web Token). Include the
        token in the Authorization header as: `Authorization: Bearer <token>`
    oauth2:
      type: oauth2
      description: >-
        OAuth 2.0 authorization with multiple flows including device
        authorization for IoT devices and smart TVs
      flows:
        authorizationCode:
          authorizationUrl: https://auth.petstoreapi.com/authorize
          tokenUrl: https://auth.petstoreapi.com/token
          refreshUrl: https://auth.petstoreapi.com/refresh
          scopes:
            read:pets: Read pet information
            write:pets: Create and update pets
            read:orders: Read order information
            write:orders: Create and manage orders
            read:user: Read user profile
            write:user: Update user profile
            chat:write: Access AI chat completions

````