POST /api_order/login — Authenticate and get a token

Use this endpoint to authenticate and receive a session token. You must call this before making any other API request — all other endpoints require the token this endpoint returns.

POST https://bpm.mioesim.com/api_order/login

Tokens expire after 2 hours. Logging in again immediately invalidates your previous token. Cache the token locally and refresh it proactively before it expires rather than calling login on every request.

Request parameters

phonenumber

string

required

Your MIOeSIM account phone number. This is your login username.

password

string

required

Your MIOeSIM account password.

sign

string

required

Request signature computed from phonenumber and password. See Computing the signature for the full algorithm.

Response fields

code

integer

required

Status code. 1 indicates success. Negative values indicate errors — see the error table below.

message

string

required

Human-readable status description.

data

object

Present on success. Contains the session token.

Show properties

token

string

Session token to include in all subsequent requests. Valid for 2 hours.

Error codes

Code	Meaning
`1`	Success — token returned in `data.token`
`-1`	Wrong username or password
`-2`	Username or password is empty
`-3`	Account does not have API call permission
`-30`	Signature (`sign`) is incorrect

If you receive code -30, verify that your signature algorithm sorts all parameters alphabetically and that you are using the correct secret key. See Computing the signature.

Example

curl --request POST \
  --url "https://bpm.mioesim.com/api_order/login" \
  --header "Content-Type: application/json" \
  --data '{
    "phonenumber": "13800000000",
    "password": "mypassword",
    "sign": "a1b2c3d4e5f67890abcdef1234567890"
  }'

​Request parameters

​Response fields

​Error codes

​Example

Request parameters

Response fields

Error codes

Example