# Initiate Login (Send Email OTP)

Initiates the login process for a given email by sending an OTP via email. Returns a session identifier required for the confirmation step. Responds with 200 OK even if the email is not registered to prevent user enumeration.

Endpoint: POST /auth/login
Version: 1.1.0
Security: m2m_oauth

## Request fields (application/json):

  - `email` (string, required)
    The email address of the user attempting to log in.
    Example: "user@company.com"

  - `client_id` (string, required)
    The OAuth client_id of the company initiating the request.
    Example: "aBcDeFgHiJkLmNoPqRsT"

## Response 200 fields (application/json):

  - `email` (string, required)
    The email address for which the login was initiated.
    Example: "user@company.com"

  - `session` (string, required)
    A unique session identifier for this specific login attempt. Required for the /auth/login-confirmation step.
    Example: "sess_abc123xyz789"

  - `method` (string, required)
    The method used for this login attempt.
    Enum: "email"

  - `user_id` (string, required)
    User id.
    Example: "27c7e9af-b519-4bec-a9c1-c7fd51aad8b6"

## Response 400 fields (application/json):

  - `code` (string, required)
    An application-specific error code string.
    Example: "INVALID_OTP"

  - `message` (string, required)
    A human-readable explanation specific to this occurrence of the problem.
    Example: "The OTP provided is invalid or has expired."

## Response 500 fields (application/json):

  - `code` (string, required)
    An application-specific error code string.
    Example: "INVALID_OTP"

  - `message` (string, required)
    A human-readable explanation specific to this occurrence of the problem.
    Example: "The OTP provided is invalid or has expired."