
# Login with email/password

> Log in a customer user. The caller must have the scope `write:accounts:/auth/users`. If MFA is enabled on the account, use `write:accounts:/auth/users/no-mfa` to skip MFA.
>
> Scopes:
> - `write:accounts:/auth/users`
> - `write:accounts:/auth/users/no-mfa`




## OpenAPI

````yaml /mintlify-docs/openapi/spec-customers.yaml post /accounts/{aid}/customers/login
openapi: 3.0.0
info:
  title: Customers API
  description: >
    API for managing customers


    # Changelog

    All notable changes to the API.


    ## 2026-02-13


    > **new**: Add endpoint for searching organization subunits (branches).

    > Extended organization search to include `underenheter` (subunits)
    information in the response.

    > Currently supports Norway (`no`) organization lookups.

    > - [GET
    /search/external/organizations/{country}/{organization_number}/subunits](/customers-api/organizations/aid_get_external_organization_subunits)

    > - [GET
    /search/external/organizations/{country}/{organization_number}](/customers-api/organizations/aid_get_external_organizations)


    ## 2025-07-01


    > **new**: Extend `marketing_consent` for customer user to support custom
    consents

    > - [POST /customers/users](/customers-api/users/aid_customers_post)


    ## 2024-09-01


    > **new**: Make country parameter dynamic and add support for Denmark.

    > - [GET /search/external/organizations/no (renamed to GET
    /search/external/organizations/{country})](/extension-api/organizations/aid_search_external_organizations_country)


    ## 2024-03-01


    > **doc**: Improve description for customer `enrolled_by` type, add

    > examples

    > - [POST /customers/users](/customers-api/users/aid_customers_post)


    ## 2023-10-01


    > **new**: Support new customer type `contact`. A user contact can be

    > linked with users and a search matching a contact will match its

    > linked users


    > - [POST /customers/users](/customers-api/users/aid_customers_post)

    > - [PUT
    /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put)

    > - [GET
    /v1/accounts/{aid}/customers/users?type=contact](/customers-api/users/aid_customers_get)


    ## 2023-09-01


    > **new**: Add endpoint for validating a given address and returning close
    matching alternatives if found.

    > - [POST
    /v1/accounts/{aid}/search/external/address/{country}/validate](/customers-api/addresses/aid_search_external_validate_address)


    ## 2020-12-01

    > Add endpoint for getting multiple addresses for given organization number.

    > - [GET
    /search/external/organizations/{country}/{organization_number}](/customers-api/organizations/aid_get_external_organizations)


    ## 2021-10-01


    > Support multiple users sharing the same `phone_number`. Use the

    new `users.phone_number_validation.allow_duplicates` option to control

    the unique phone_number constraint on users


    > - [PUT
    /customers/settings](/customers-api/settings/aid_customers_atributes_put)


    ## 2021-03-01


    > Support new [customer](customer) type `other`.

    > - [POST /customers/users](/customers-api/users/aid_customers_post)

    > - [PUT
    /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put)


    ## 2021-02-01


    > Extend customer `enrolled_by.type` to allow any string value, not just
    `url`,

    > `store` and `custom`.

    >

    > - [POST
    /v1/accounts/{aid}/customers/users](/customers-api/users/aid_customers_post)

    > - [PUT
    /v1/accounts/{aid}/customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put)


    > Add support for removing customer terms and `include_deleted` when getting

    > list of all terms.

    >

    > - [DELETE
    /v1/accounts/{aid}/customers/terms/{tid}](/customers-api/terms/aid_customers_terms_tid_delete)

    > - [GET
    /v1/accounts/{aid}/customers/terms/{tid}](/customers-api/terms/aid_customers_terms_get)


    ## 2021-01-01


    > Add support for limited access to customer

    > details with `user:customers:/customer/details`

    > - [GET
    /v1/accounts/{aid}/customers/users/{customer_id}](/customers-api/users/aid_customers_cid_get)

    >

    > Add support for logging on without MFA even if configured with MFA

    > - [GET
    /v1/accounts/{aid}/customers/login](/customers-api/password/aid_customers_login_post)


    ## 2020-12-01


    > **new**: Support filtering users with the `type` query parameter.

    > - [GET
    /v1/accounts/{aid}/customers/users?type=company](/customers-api/users/aid_customers_get)


    ## 2020-11-01


    > **new**: Support filtering user tokens with the `include_deleted` query parameter.

    > - [GET
        /v1/accounts/{aid}/customers/users/{cid}/tokens?include_deleted=false](/customers-api/tokens/aid_customers_cid_tokens_get)

    > **new**: Support filtering and searching on sales locations

    > - [GET
    /v1/accounts/{aid}/locations](/customers-api/locations/aid_locations_get)


    > **new** Extend SalesLocation with `address.latitude`, `address.longitude`,

    > `chain`, `mcc`, `gln` and `franchise`. The `account_id` will be included

    > in any SalesLocation responses.

    > - [GET
    /v1/accounts/{aid}/locations](/customers-api/locations/aid_locations_get)


    ## 2020-05-01


    > Add setting to require verification when updating user phone_number.
    Prevents

    > all updates of user phone_number without completing a verification via SMS.

    > - [PUT
    /customers/settings](/customers-api/settings/aid_customers_atributes_put)


    ## 2020-04-01

    > Adds proxy to enhetsregisteret.

    > - [GET
    /search/external/organizations/no/?name=dintero](#operation/aid_search_external_organizations_no)


    ## 2020-03-10


    > Add support for `attributes_keys` and `attributes_values` query

    > parameters for filtering customer users

    > - [GET
    /customers/users?attributes_keys=key&attributes_values=value](/customers-api/users/aid_customers_get)


    ## 2020-02-28


    > Add support for enabling automatic tokens when phone numbers or emails
    change

    > -  [PUT
    /customers/settings](/customers-api/settings/aid_customers_atributes_put)


    ## 2019-09-31


    > Extends settings with support for configuring

    > users `customer_id_format`.

    > - [PUT
    /customers/settings](/customers-api/settings/aid_customers_atributes_put)


    > Extends the TokenEvent definition with `expires_at`

    > read only property.


    > Extends settings with support for configuring

    > token events expiry

    > - [PUT
    /customers/settings](/customers-api/settings/aid_customers_atributes_put)


    ## 2019-07-31


    > Extend user Address, add support for  `latitude`,

    > `longitude` and `comment` properties.

    > - [POST /customers/users](/customers-api/users/aid_customers_post)

    > - [PUT
    /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put)


    ## 2019-07-31


    > Add new endpoint for deleting a tag

    > - [DELETE
    /customers/tags/{tag_id}](/customers-api/tags/aid_customers_tags_tid_delete)


    ## 2019-06-31


    > The scope required for accessing endpoint has changed,

    > we will continue to support the old scopes but they were removed from

    > the documentation


    ## 2019-05-31


    > Make type and company property optional when updating

    > a customer user

    > - [PUT
    /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put)


    ## 2019-01-31


    > Support new customer type `employee`.

    > - [POST /customers/users](/customers-api/users/aid_customers_post)

    > - [PUT
    /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_put)


    ## 2018-06-04


    > Adding tokens to deleted customers will

    > now fail with BAD_REQUEST.

    > - [POST
    /customers/users/{customer_id}/tokens](/customers-api/tokens/aid_customers_cid_tokens_post)


    > Duplication control of `customer.email` is now

    > case insensitive. Email case will be ignored on search and login.


    > Add support for query parameter

    > `total` on GET user/token lists. Includes a `total-count`

    > header in the response when enabled.

    > - [GET
    /customers/users/{customer_id}/tokens](/customers-api/tokens/aid_customers_cid_tokens_get)


    ## 2018-04-11


    > Add support for `delete_token_events` parameter when

    > creating

    > - [POST
    /customers/users/{customer_id}/tokens](/customers-api/tokens/aid_customers_cid_tokens_post)


    > Add support for filtering token events by `since_datetime`.

    > - [GET
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_get)


    > Delete customer and all tokens owned by the customer in one

    > request when using `delete_tokens` query parameter.

    > - [DELETE
    /customers/users/{customer_id}](/customers-api/users/aid_customers_cid_delete)


    > Token event status. The status in response will now be set

    > to `customer.status` if a customer with status is included

    > in the response.

    > - [POST
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_post)


    ## 2018-02-15


    > Add minimum length for token token_id/type/value

    > - [POST
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_post)

    > - [DELETE
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_delete)

    > - [POST
    /customers/users/uid/tokens](/customers-api/tokens/aid_customers_cid_tokens_post)


    > Add endpoint for GET/DELETE token events

    > - [DELETE
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_delete)

    > - [GET
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_get)


    ## 2018-02-02


    > Add `type` property to the customer.

    > Support multiple customer types, add support for Company type for

    > additional properties


    > Move endpoints for retrieving/updating token (events),

    > use one endpoint for both retrieving and updating details about a token

    > - [POST
    /customers/tokens/events](/customers-api/tokens/aid_customers_tokens_events_post)
  contact:
    name: API Integration Support
    email: integration@dintero.com
  version: LATEST
  license:
    name: UNLICENSED
    url: https://dintero.com
servers:
  - url: https://api.dintero.com/v1
security:
  - JWT: []
paths:
  /accounts/{aid}/customers/login:
    post:
      tags:
        - password
      summary: aid_customers_login_post
      description: |
        Log in a customer user. The caller must have the scope
        `write:accounts:/auth/users`.
        If MFA is enabled on the account, use
        `write:accounts:/auth/users/no-mfa` to skip MFA.

        Scopes:
        - `write:accounts:/auth/users`
        - `write:accounts:/auth/users/no-mfa`
      operationId: aid_customers_login_post
      parameters:
        - $ref: '#/components/parameters/accountId'
      requestBody:
        content:
          application/json:
            schema:
              allOf:
                - $ref: '#/components/schemas/Auth'
                - required:
                    - password
                  properties:
                    password:
                      type: string
                      minLength: 4
                      maxLength: 255
                      description: >
                        The customer pin or password. The caller must have scope

                        `write:accounts:/auth/users` or
                        `write:accounts:/auth/users/no-mfa`

                        when password is included in the body
        description: credentials
        required: true
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AccessToken'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/AccessForbidden'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/ServerError'
      security:
        - JWT: []
components:
  parameters:
    accountId:
      name: aid
      description: |
        An id that uniquely identifies the account.
      in: path
      required: true
      schema:
        type: string
        pattern: '^[PT]{1}\d{8}$'
        minLength: 9
        maxLength: 9
  schemas:
    Auth:
      type: object
      required:
        - audience
        - type
      properties:
        email:
          type: string
          description: |
            **Required** if `ident_type` and `ident` are not set
        ident_type:
          type: string
          description: |
            **Required** if `email` is not set
          enum:
            - phone_number
            - email
        ident:
          type: string
          description: |
            Email or phone_number, depending on the `ident_type`.

            **Required** if `email` is not set.
        audience:
          type: string
          description: |
            The unique identifier of the target API you want to access.
            The audience must be a grant associated with the client used
            when calling this resource.
        type:
          type: string
          enum:
            - customer
            - company
          description: |
            User type to log in as. Required because users with different
            types can share an email.
    AccessToken:
      type: object
      required:
        - access_token
        - token_type
        - expires_in
      properties:
        access_token:
          type: string
          description: A JWT access token
          example: eyJhbGci...t7P4
        token_type:
          type: string
          enum:
            - Bearer
        expires_in:
          type: integer
          description: |
            The lifetime in seconds of the access token.  For
            example, the value "3600" denotes that the access token will
            expire in one hour from the time the response was generated.
          example: 86400
        refresh_token:
          type: string
          description: |
            Token that can be used to request new tokens when the existing
            Access Token expires.

            You can only get a Refresh Token if the Access Token used in the
            request has scope:

             - `create:accounts:auth:refresh_token`

            and the `grant-type` is one of:

             - `authorization_code`
             - `password`

            **NOTE**:
             - A Single-Page Application should not ever receive a Refresh Token,
               this information is sensitive and should not be exposed client-side
               in a browser.
             - Refresh tokens must be stored securely by an application since
               they allow a user to remain authenticated essentially forever.
    Error:
      type: object
      required:
        - error
      properties:
        error:
          type: object
          required:
            - message
          properties:
            code:
              type: string
              description: The code used to identify the error/warning
            errors:
              type: array
              description: The nested error(s) encountered during validation
              items:
                type: object
            message:
              type: string
              description: The human readable description of the error/warning
  responses:
    BadRequest:
      description: Bad / Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    AccessForbidden:
      description: Access forbidden, invalid JWT token was used
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    ServerError:
      description: Unexpected Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    JWT:
      type: http
      description: >
        Bearer authentication (token authentication) should be used for
        accessing the API.


        Use [Get Token](/api-reference/authenticate/aid_auths_oauth_token_post)
        to get an access token for client credentials.

        Pass the token in the request header:

            Authorization: Bearer {access_token}

        where the **access_token** is a JSON Web Token (JWT).
      scheme: bearer
      bearerFormat: JWT

````
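
The following Python code is an added example, not part of Dintero's documentation or code. It builds the `POST /accounts/{aid}/customers/login` request while enforcing the constraints in the spec above (account id pattern, `type` enum, password length, `email` or `ident_type` + `ident`), and separates the `refresh_token` from the fields that may be passed to a browser. The function names and sample values are assumptions; nothing is sent over the network.

```python
import json
import re

API_BASE = "https://api.dintero.com/v1"      # from the spec's `servers` entry
AID_RE = re.compile(r"[PT]\d{8}")            # accountId: P or T followed by 8 digits
USER_TYPES = {"customer", "company"}         # Auth.type enum
IDENT_TYPES = {"phone_number", "email"}      # Auth.ident_type enum


def build_login_request(aid, bearer_token, audience, user_type, password,
                        email=None, ident_type=None, ident=None):
    """Return (url, headers, body_bytes) for the login call (hypothetical helper).

    Raises ValueError when an input violates a constraint in the spec, so a
    malformed request is rejected locally instead of reaching the API.
    """
    if not isinstance(aid, str) or not AID_RE.fullmatch(aid):
        raise ValueError("aid must be P or T followed by 8 digits")
    if user_type not in USER_TYPES:
        raise ValueError("type must be 'customer' or 'company'")
    if not audience:
        raise ValueError("audience is required")
    if not isinstance(password, str) or not 4 <= len(password) <= 255:
        raise ValueError("password must be 4-255 characters")
    body = {"audience": audience, "type": user_type, "password": password}
    if email:
        body["email"] = email
    elif ident_type in IDENT_TYPES and ident:
        body["ident_type"], body["ident"] = ident_type, ident
    else:
        raise ValueError("set email, or both ident_type and ident")
    headers = {
        "Authorization": f"Bearer {bearer_token}",   # client JWT holding the scope
        "Content-Type": "application/json",
    }
    url = f"{API_BASE}/accounts/{aid}/customers/login"
    return url, headers, json.dumps(body).encode("utf-8")


def split_token_response(token_response):
    """Return (browser_safe_fields, refresh_token) from an AccessToken body.

    The refresh token, when present, is returned separately so the backend
    can store it securely and never forward it to a Single-Page Application.
    """
    for field in ("access_token", "token_type", "expires_in"):
        if field not in token_response:
            raise ValueError(f"missing required field: {field}")
    safe = {k: v for k, v in token_response.items() if k != "refresh_token"}
    return safe, token_response.get("refresh_token")
```

Because the `write:accounts:/auth/users/no-mfa` scope skips MFA, the client JWT passed as `bearer_token` should come from a client that is granted that scope only where skipping MFA is intended.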