[Solved] Users created under Experience cannot login to the app


How can a user created under Experience login to the app? The user was created, assigned group and given a full permission but when I tried to login with that user, it give me an unauthorized error message.


An Experience User is not a “Losant” user; they do not have full permissions to the Losant API and thus cannot log in to the web app or authenticate against the Losant API. Rather, Experience Users only have access to the endpoints (public, private, or those open only to specific users) you create under the same application the users were created in.

Can I ask, what were you hoping to do with the Experience User you created? This may help us in evolving the feature, or if not that, we may be able to suggest an alternative approach.

1 Like

Thank you for reply!
I want experience user to be able to login to Losant because, we have got a website and it’s fetching devices’s data from Losant via Ruby API.
What I am trying to achieve here is after user registered their account on my site, they will be able to login and see their data.
We used API for Ruby, like below:
[1] client = LosantRest::Client.new(auth_token: ‘TOKEN’ , url: “https://api.losant.com”)
And get info:
[2] losant_device_info = client.device.get(applicationId: ‘xxxxxxxxxx’, deviceId: ‘yyyyyyyy’ )
At [1] if I set TOKEN is nil, it’s can not get data, return error.
so I need to get a token by username on Losant before. But Losant response only a token for Losant’s account, not experience user, like you suggested!
What have I missed here? Thanks!


One more thing in my system:
That I want user can create their own devices, and all of it in one my app on Losant!
How can I do it?


A great place to start will be our Experiences Walkthrough. It covers a few of the topics you’re interested in, specifically adding a device and getting device data.

I also wanted to add a little clarification on the types of users within Losant.

Losant has two types of users. The first are actual Losant users that sign in through losant.com. These are for you and your developers (i.e. the solution builders). The Losant interface is designed to provide your team high-level administrative capabilities, as well as data visualization, and the ability to build APIs for your end-users and end-user application.

The second type of user are Experience Users. These are your end-users. The ones using the website you’re building and delivering to them. Experience users do not sign in to losant.com, they sign in through your end-user application (mobile app, custom website, etc). We provide built-in support to easily perform authentication using an Experience Endpoint to make this process easier. The walkthough linked above shows an example of this.

The only way for Experience Users to view data or perform actions within Losant is by making a request to an Experience Endpoint. These endpoints are entirely custom to your application. Therefore, if you want users to be able to register their own device, you’d make an endpoint that they could request in order to do this. The walkthrough shows an example of this. Likewise, if you want your website to display device data, you’d make another endpoint to get the appropriate device data and return it in a form that your website can understand and display.

Using Ruby to serve up the actual website is a perfectly good way to go. The intended goal of Experience Users and Endpoints is that your entire API and user management can then be hosted with Losant.

1 Like

Thank you so much!
Yeah, I’ve read the docs from the link you’ve provided!
And at the Experience end point, we created them based on the same guides from the docs. But after registered new user success, I can not login again with that account. It seems I can’t get user token so it shows error: Unauthorized user.

I’ve tried to get user token by api /auth with email and password. But it failed and still shown “message”: “Unauthorized”.

I know that Losant had 2 types of users, one for Losant.com and one is Experiences user.
Once again, Thank you for the support!


You’ll get unauthorized when trying to request any route that has authentication enabled and do not provide a valid token in the header, query param, or cookie.

The /auth route should be configured for all public users. This is because the user won’t have a token yet. The auth route is what returns a token that can then be used for other protected routes.

Your screenshot is showing /auth/user, so I’m assuming you changed the default /auth route we auto-generated for you. Just make sure you’ve configured it for public users.


Thank you so much!
I’ve changed it to public, but it still shows error :frowning:


Ah, I think I see the core issue now. Your Postman screenshot is showing that you’re making a request to the Losant API, not your Experience Endpoint (which can be thought of as your API). Any request to the Losant API requires a Losant user. You can see your API’s root URL on the top-right corner of the experience overview tab. It will end with “onlosant.com”.


Thanks for reply!
I changed it to URL of experiences end point, and it’s still shown error 404.

curl -H ‘Content-Type: application/json’ \

-H 'Accept: application/json' \
-d '{"email":"demo01@losant.com","password":"demo@123"}' \

{ “error”: “No endpoint found for route” }


It looks like you’re missing the /auth on the end of your URL.


Oh yeah!
Thank you so much!
I checked and now it’s ok!