Log in
Use the Log in screen to authenticate a user, create an active session, and present MFA when the account requires extra verification.
This screen defines the main entry point to the Air Doctor App and supports secure access control for all integration levels.
This screen includes:
- Email and Password input fields.
- A User ID label that copies the ID to the clipboard when the user selects it.
- A Reset password link. Select Forgot your password? to open the Reset Password screen.
- A Verification Code field that appears only when the account has MFA enabled. See Enable MFA.
- A Log in button that submits credentials.
- Automatic redirection to the Appointment List screen on a desktop after successful login when the integration level delegates navigation to Air Doctor (for example, Levels 1–2).
A User ID is a unique user identifier. Support teams use it to locate and reference the user’s account.
Workflow
This sequence describes how the user enters the Air Doctor App through the SDK authentication flow.
- Open the Air Doctor app from the host app or through direct launch.
- Enter a valid email and password.
- If the account has MFA enabled, enter the verification code.
- Select Log in.
Session State Summary
The SDK maintains these session states: Unauthenticated, Authenticating, Active, Expired, and Logged out.
- After successful authentication, the SDK stores the session token in a secure location.
- When the session expires, the SDK triggers
onSessionExpiredand displays the log in screen. - When the user logs out, the SDK clears cached credentials and displays the log in screen.
To reset a password, select Forgot your password? See Reset Password.
Navigation After Login
After a successful login, the next screen depends on the integration level.
- Levels 1–2: Air Doctor controls navigation and moves to the Home Screen or Appointment List.
- Levels 3–4: Air Doctor exposes entry points; the host app selects the next screen.
- Levels 5–6: The host app controls routing after a successful
loginoperation.
Validations
These rules control input safety and enforce account security requirements.
| Scenario | App Behavior | SDK Output |
|---|---|---|
| User submits the form with an empty Email or Password field. | Blocks submission and highlights the missing field. | Returns a validation error for required fields. |
| Email does not match a registered account. | Displays “Email is required.” or a similar message that indicates an unknown account. | Returns an error code that identifies an unknown user. |
| Password does not meet account rules or does not match the account. | Displays “Invalid username or password.”. | Returns INVALID_CREDENTIALS. |
| Account has MFA enabled and the user does not provide a valid code. | Displays “Invalid username or password.” or an MFA-specific message. | Returns MFA_REQUIRED when the code is missing and INVALID_CREDENTIALS when the code is invalid. |
| User selects an expired password reset link. | Displays “This link is no longer valid.”. | Returns an error that identifies an expired reset token. |
The SDK validates these conditions before it confirms an active session.
Actions
Authentication and session control depend on the integration level.
Session Control
| Scenario | App Behavior | SDK Output | Integration Level Impact |
|---|---|---|---|
| No valid session exists. | Displays the log in screen (showLogin()). | Exposes an unauthenticated state. | Levels 1–2: Air Doctor displays the screen inside its own flow. Levels 3–4: Air Doctor module displays the screen inside the host app shell. Levels 5–6: Partner decides when to display a custom log in UI. |
| User submits valid credentials (and MFA code when required). | Starts an authenticated session and hides the log in form. | Returns session token and user context. | Levels 1–3: Air Doctor controls the visual flow. Level 4: Air Doctor module runs inside partner navigation. Levels 5–6: Partner consumes token and context through SDK or Open API. |
| Account has MFA enabled. | Displays the MFA prompt when credentials are valid but MFA is pending. | Returns a response that indicates MFA requirements. | Levels 1–3: Air Doctor displays the MFA UI. Level 4: Air Doctor module displays MFA within the host shell. Levels 5–6: Partner displays MFA UI and calls the backend with the code. |
Logout and Expiration Control
| Scenario | App Behavior | SDK Output | Integration Level Impact |
|---|---|---|---|
Host app calls logout(). | Clears cached credentials and displays the log in screen. | Emits onLogout. | Levels 1–3: Air Doctor controls the log out UX. Level 4: Air Doctor module triggers a navigation event. Levels 5–6: Partner controls log out UI and follow-up flows. |
| Session token is invalid or expired. | Displays the log in screen. | Emits onSessionExpired. | Levels 1–2: Air Doctor displays a re-authentication prompt. Levels 3–4: Host app decides where to show the log in module. Levels 5–6: Partner owns the flow after onSessionExpired. |
Endpoint Resources
Login
PUT
/account/profile/login
This endpoint returns the login screen configuration and the current session state.
Integrators can override labels and colors with SDK configuration keys:
ui.login.button, ui.mfa.label, ui.error.invalidCredentials, and theme.primaryColor.
UI Element Types
| Level | Reference | Type | Value | Placement |
|---|---|---|---|---|
| 1 | change-language | Toolbar | [Change language] | — |
| 1 | logo | Illustration | [AirDr Logo] | ^100 |
| 1 | log-message | Section | Please log in to continue | ^ |
| 1 | email | Email address | — | |
| 1 | password | Password | Password | — |
| 1 | mfa | Integer | Authentication code | — |
| 1 | login | Button | Log in | — |
| 1 | spaser | Spacer | — | — |
| 1 | reset-password | Link | Forgot your password? Click here to reset | ^ |
Login
POST
/account/login
This endpoint authenticates the user with credentials. If the account has MFA enabled, include a verification code.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
username | String | Yes | Doctor’s email address. |
password | String | Yes | Doctor’s account password. |
mfaCode | String | No | MFA verification code, if required. |
Errors
| Code | Description |
|---|---|
FIELDS_VALIDATION_ERROR | One or more fields are missing or invalid. |
MFA_REQUIRED | MFA is enabled but mfaCode is missing. |
INVALID_CREDENTIALS | Credentials are incorrect. |
Social Login (Patient only)
POST
/account/login/social
This endpoint authenticates a user through a supported social login provider.
The SDK creates a valid session when the social provider token is valid.
Query Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | String | Yes | OAuth access token that the social provider issues. |
Validate Email
PATCH
/api/v3/account/login
Validates the user’s login email.
The response updates field visibility and error states on the login page according to the email format and account rules.