> ## Documentation Index
> Fetch the complete documentation index at: https://kernel.sh/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Start login flow

> Starts a login flow for the auth connection. Returns immediately with a hosted URL for the user to complete authentication, or triggers automatic re-auth if credentials are stored.



## OpenAPI

````yaml https://app.stainless.com/api/spec/documented/kernel/openapi.documented.yml post /auth/connections/{id}/login
openapi: 3.1.0
info:
  title: Kernel API
  description: Developer tools and cloud infrastructure for AI agents to use web browsers
  version: 0.1.0
servers:
  - url: https://api.onkernel.com
    description: API Server
security:
  - bearerAuth: []
tags:
  - name: Browsers
    description: Create and manage browser sessions.
  - name: Browser Computer Controls
    description: Control mouse, keyboard, and screen on the browser instance.
  - name: Browser Playwright
    description: Execute Playwright code against the browser instance.
  - name: Browser Filesystem
    description: Read, write, and manage files on the browser instance.
  - name: Browser Processes
    description: Execute and manage processes on the browser instance.
  - name: Browser Replays
    description: Record and manage browser session video replays.
  - name: Browser Logs
    description: Stream logs from the browser instance.
  - name: Browser Telemetry
    description: Stream live telemetry events from a browser session.
  - name: Profiles
    description: Create, list, retrieve, and delete browser profiles.
  - name: Proxies
    description: Create and manage proxy configurations for routing browser traffic.
  - name: Extensions
    description: Create, list, retrieve, and delete browser extensions.
  - name: Browser Pools
    description: Create and manage browser pools for acquiring and releasing browsers.
  - name: Managed Auth
    description: >-
      Create and manage auth connections for automated credential capture and
      login.
  - name: Credentials
    description: Create and manage credentials for authentication.
  - name: Credential Providers
    description: Configure external credential providers like 1Password.
  - name: Apps
    description: List applications and versions.
  - name: Deployments
    description: Create and manage app deployments and stream deployment events.
  - name: Invocations
    description: Invoke actions and stream or query invocation status and events.
  - name: Organization
    description: Read and manage organization-level limits.
  - name: Projects
    description: Create and manage projects for resource isolation within an organization.
  - name: API Keys
    description: Create and manage API keys for organization and project-scoped access.
  - name: Audit Logs
    description: Read audit log records for the authenticated organization.
paths:
  /auth/connections/{id}/login:
    post:
      tags:
        - Managed Auth
      summary: Start login flow
      description: >-
        Starts a login flow for the auth connection. Returns immediately with a
        hosted URL for the user to complete authentication, or triggers
        automatic re-auth if credentials are stored.
      operationId: postAuthConnectionsLogin
      parameters:
        - name: id
          in: path
          required: true
          schema:
            type: string
          description: Auth connection ID
      requestBody:
        required: false
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LoginRequest'
      responses:
        '200':
          description: Login flow started
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LoginResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          description: Login flow already in progress
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '500':
          $ref: '#/components/responses/InternalError'
      security:
        - bearerAuth: []
      x-codeSamples:
        - lang: JavaScript
          source: |-
            import Kernel from '@onkernel/sdk';

            const client = new Kernel({
              apiKey: process.env['KERNEL_API_KEY'], // This is the default and can be omitted
            });

            const loginResponse = await client.auth.connections.login('id');

            console.log(loginResponse.id);
        - lang: Python
          source: |-
            import os
            from kernel import Kernel

            client = Kernel(
                api_key=os.environ.get("KERNEL_API_KEY"),  # This is the default and can be omitted
            )
            login_response = client.auth.connections.login(
                id="id",
            )
            print(login_response.id)
        - lang: Go
          source: "package main\n\nimport (\n\t\"context\"\n\t\"fmt\"\n\n\t\"github.com/kernel/kernel-go-sdk\"\n\t\"github.com/kernel/kernel-go-sdk/option\"\n)\n\nfunc main() {\n\tclient := kernel.NewClient(\n\t\toption.WithAPIKey(\"My API Key\"),\n\t)\n\tloginResponse, err := client.Auth.Connections.Login(\n\t\tcontext.TODO(),\n\t\t\"id\",\n\t\tkernel.AuthConnectionLoginParams{},\n\t)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\tfmt.Printf(\"%+v\\n\", loginResponse.ID)\n}\n"
components:
  schemas:
    LoginRequest:
      type: object
      description: Request to start a login flow
      properties:
        proxy:
          $ref: '#/components/schemas/ProxyRef'
        record_session:
          type: boolean
          description: >-
            Override the connection's default for recording this login's browser
            session. When omitted, the connection's record_session default is
            used.
          example: true
      additionalProperties: false
    LoginResponse:
      type: object
      description: Response from starting a login flow
      required:
        - id
        - flow_type
        - hosted_url
        - flow_expires_at
      properties:
        id:
          type: string
          description: Auth connection ID
          example: ma_abc123xyz
        flow_type:
          type: string
          enum:
            - LOGIN
            - REAUTH
          description: Type of login flow started
          example: LOGIN
        hosted_url:
          type: string
          format: uri
          description: URL to redirect user to for login
          example: https://auth.kernel.com/login/abc123xyz
        flow_expires_at:
          type: string
          format: date-time
          description: When the login flow expires
          example: '2025-11-05T20:00:00Z'
        handoff_code:
          type: string
          description: One-time code for handoff (internal use)
          example: aBcD123EfGh456IjKl789MnOp012QrStUvWxYzAbCdEf
        live_view_url:
          type: string
          format: uri
          description: Browser live view URL for watching the login flow
          example: https://live.onkernel.com/abc123xyz
      additionalProperties: false
    Error:
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Application-specific error code (machine-readable)
          example: bad_request
        message:
          type: string
          description: Human-readable error description for debugging
          example: 'Missing required field: app_name'
        details:
          type: array
          description: Additional error details (for multiple errors)
          items:
            $ref: '#/components/schemas/ErrorDetail'
        inner_error:
          $ref: '#/components/schemas/ErrorDetail'
    ProxyRef:
      type: object
      description: >
        Proxy selection. Provide either id or name. The proxy must be in the
        same project as the resource referencing it.

        When selecting by name, the name must match exactly one active proxy in
        the project. Ambiguous names return a 400; use id for stable references.
      properties:
        id:
          type: string
          description: Proxy ID
        name:
          type: string
          description: Proxy name
      oneOf:
        - required:
            - id
        - required:
            - name
    ErrorDetail:
      type: object
      properties:
        code:
          type: string
          description: Lower-level error code providing more specific detail
          example: invalid_input
        message:
          type: string
          description: Further detail about the error
          example: Provided version string is not semver compliant
  responses:
    BadRequest:
      description: Bad Request – invalid input
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Unauthorized:
      description: Unauthorized – missing or invalid authorization token
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    Forbidden:
      description: Forbidden – insufficient permissions or plan
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    NotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
    InternalError:
      description: Internal Server Error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/Error'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer

````