# Unattended Login source: https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/unattended/index.md Unattended logins are possible if the provider allows unattended logins and if the user has a `loginToken` that supports unattended login. Unattended logins are often used when the user returns to an application to get the latest updates to accounts and transactions. ```bash curl -X POST \ https://api.nordicapigateway.com/v1/authentication/unattended \ -H 'Content-Type: application/json' \ -H 'X-Client-Id: ' \ -H 'X-Client-Secret: ' \ -d '{ "userHash": "", "loginToken": "" }' ``` | **Name** | **Required** | **Type** | **Description** | |----------------------|--------------|----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `userHash` | Yes | `string` | A unique ID for the end-user. Go to [Identifying users](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/identifying-users/index.md) | | for more information | | | | | `loginToken` | Yes | `string` | A string that is obtained from `/v1/authentication/tokens` | Example response: ```json { "success": true, "session": { "expires": "2019-01-24T14:31:30.715+00:00", "accessToken": "mgAAAAVDaXBoZXJ0ZXh0AGAAAAAAT/r/zQ0oTYlDeBHmsv5JBFYwEGFwuxgtK5OSF+OBCHua1hpqFQ+rHX3e9JshuYt8Bximj6g6W/LUPRu+9fMbndYH/sH1W575WKHM4ooLLGi9xVeHIdZqFE6EU/FqLnTkBUl2ABAAAAAARsXSMJlFvIsD+cXVQ3I/KRBLZXlJZAAAAAAAAA==" }, "login": { "providerId": "DemoBank", "expires": "2019-07-26T14:21:35.233Z", "loginToken": "-ELT2-CgQAAAVDaXBoZXJ0ZXh0ANADAAAAU7sm0R08pCJfdJY9aV2IEHat/bFqFv4/O3/mX5jF/zk8bMNH1NJd9Xe2j+szXks8MWRzxS6itAtLwusG44s40dtI/tHLmw6/INbyKAmh9zyPEVz8hSQ4WRDfdcFgU6a0iOzl8qU2aLvcephdVstXv53IYtmok+4wf0NEJazCd+9y/b9nqGfLaGc3xaXjvtRxE4C6yQMoE0fhONtya53GQoyZTFBmIcFxb99Rgizf3Gis0aCg0eR1MDynPkP4DgoN4DewcFi51rgjkDR5OV1MWmanDDTGKnq6eevCQB05+rCyzH5Vyb/j6XfRSJiSZ9JWPDxCfpIKDtzzq5dqh9vq5mJVQVQZ7Q9/8yixdnOChSR+soj7G8xo5yeOEu6QUZBBm2uphWsBvLj22P1LbfoTQJ7vw2YUkg0dYhYKX7l1gOePgfirEYyeIK5HhnRJmxlJDcKY/hAEYMXkHdBIWlsfxiVaNkJCI3jaozm5SDaNUTeesQmRYGPANXR7vQoCoBiSTC/yLZPxFRoKbHhSsIn6BzH8o1N8k9OhlYOw3plEXAqh/ImDLNr3dJ1jVnbKlYRX0XKC7BTFxrlz0mq8Qc2Xg7PpygfXIgSTiq7jzlIdk39Tw83GfRR5VutGrH+kPmXgP6V/+vtgywmKGc7fwyc91kqJzw8crSOjWRWfOG7k9UGyD8QKJWyx4aJjBnnrTV6ekevYAhrF0dOro47aBfn4ic1lUITehwGdIDnoUYOCwU0bN3Csj1S64vWJkFvr9LacwbQKE8dyPzo8M22rSdIb8Bs2paFycYdsD3NtdB9L6uXyZ7lv1jiTHAYt/GzKRh9dQmEWRbCYZli+V0gjhjS06XfTapWWbqrBh5vxLEDgT2Xe0SDZ140kZ56PuRs+ppaYfahbh/+CKqjnftAcBhS/ouqaJGlsBg26yMnCi5gLjJYcJ8t6lAzP/M5GHopyFOai20RpbVVAB/KsuAbculheDKta9jlIevh1vJYjTBlehkgwV+i0jJ7JSKYUXOWZ1j6zdnX5OIg05OE/sVnWFeeN/TXL2ZIBLIkrdz4/MVyssK4Cz59uq6MfXrpf2K5tJ+Eo7KW4/a68NbxXZn2dHLBrb5+4Bjrrjx14ZZ7y5vGVjaq98frxWdsAPuOQ+YNszu9tvXbOywJIVQWWGe+/d4DYumvuksz7XA22pmB9fbSwJcyi9ZVHqSNl6qWD4yWn8PoAUDN49W5/SmPR5K08lO1F1Q22AU7LUcLHDdABd6MQmC3Gm+QdU16DwzeVIEPO1V7Qulx8Va90VnlOWAuLH25e7QVJdgAQAAAAABeYbvPV43o9uBYCz78nBLUQS2V5SWQAAAAAAAA=", "supportsUnattended": true, "label": "DemoBank 1/24/2019 2:21:35 PM", "subjectId": "da367596bbcc71be334fa7ed2c83c2be9d55a024d6813482e1b932998f98d36d" }, "providerId": "DemoBank" } ``` Refer to [Login flows](https://developer.mastercard.com/open-finance-europe/documentation/licensed/aiia-enterprise/connect/login-flows/index.md) for more information about the response data. Note: A `loginToken` is only valid as long as the end-user is using the same credentials as when the `loginToken` was created. Essentially, that means if the end-user revokes access to the provider, it will automatically make the `loginToken` invalid.