Skip to content

Backendless Login API

Registered users can login using the API described below. The login operation requires two properties: one marked asuser identity and the second is password. Backendless automatically assigns the "AuthenticatedUser" role to all successfully logged in users. The role can be used to differentiate access to various resources (data in the database, files, messaging channels) between authenticated users and guests.


Future<BackendlessUser> Backendless.userService.login(String login, String password, [bool stayLoggedIn]);


Argument                Description
login a value for a property marked as identity.
password user's password
stayLoggedIn requests to store the user's login information so the login form can be skipped next time the user launches the app.

If the stayLoggedIn argument is set to true, use the following API to check if the application has the user login information from the previous runs of the application:

Backendless.userService.getUserToken().then((userToken) {
  if (userToken != null && userToken.isNotEmpty) {
      // user login is available, skip the login activity/login form 


The following errors may occur during the Login API call. See the Error Handling section for details on how to retrieve the error code when the server returns an error.

Error Code
Version is disabled or provided wrong application info (application id or secret key)
Login has been disabled for the user account.
Missing login settings, possibly invalid application id or version.
User cannot login because Multiple Logins disabled and there is a logged in user for the account.
Invalid login or password.
Either login or password is an empty string value.
User logins are disabled for the version of the application.
Account locked out due to too many failed logins.
One of the required parameters (application id, version, login or password) is null
Multiple login limit for the same user account has been reached.
Property value exceeds the length limit


// do not forget to call Backendless.initApp in the app initialization code
Backendless.userService.login(username, password).then((user) {
  // user has been logged in

Validating User Login

The login operation provides a way to persist the user-token on the client side so it can be used when the application is restarted. This helps in streamlining the user experience since the user of the application does not need to login again. However, when the application restarts, it needs to check if the underlying user token, and hence the user session are still valid. This can be accomplished with the API below:


Future<bool> Backendless.userService.isValidLogin();

If user token is valid, objectId of the logged in user can be retrieved with the following call:

String currentUserObjectId = await Backendless.userService.loggedInUser();

Subsequently the BackendessUser instance can be obtained with the following API:"Users").findById(currentUserObjectId);


Log in a user first. Make sure the stayLoggedIn argument is true.The value of true persists the information about the login for the use by subsequent starts/sessions of the application. Then, check whether the login is valid - see the example below:

Backendless.userService.login("", "superm@n", true).then((user) {
  Backendless.userService.isValidLogin().then((response) {
    print("Is login valid? - $response");