Identity Management

POST /signin

Requires authentication with server access token.

This endpoint generates an unique token (5 minutes of expiration time) sent to user's e-mail, that allows user to log-in to Schibsted account without providing his/hers credentials.

  • Only one token per user can be active at one time.
  • User doesn't have to be previously registered at Schibsted account.

You can further improve user's experience by setting context of token e-mail & confirmation page by providing a Client information.

Help us improve

Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave us a comment.


POST /api/2/signin



Email of the user



Where to redirect the user after completing signin request



Remember user on this device. 0 or 1, defaults to 1 which is remember



Example request

Minimal example
curl \
   -X POST \
   -H "Authorization: Bearer [access token]" \
   -d "identifier=14" \
   -d "redirectUri="
With all parameters
curl \
   -X POST \
   -H "Authorization: Bearer [access token]" \
   -d "identifier=14" \
   -d "redirectUri=" \
   -d "remember=1" \
   -d "context=Foo bar"


This endpoint supports the JSON response format.

Success: 201 Created

Created a new signin request

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 302 Found The email address is blocked
  • 400 Bad Request Signin request could not be created
  • 400 Bad Request Required identifier parameter is missing
  • 400 Bad Request Required identifier parameter is invalid
  • 400 Bad Request Required redirectUri parameter is missing
  • 400 Bad Request Required redirectUri parameter is invalid or not matching requesting client
  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact Schibsted account to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Access token rejected
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 409 Conflict Signin request could not be created
  • 420 Request Ratelimit exceeded

Sample response

"Signin request created and sent"


Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.