
# Authentication and User Management

> Create users, issue auth tokens, and log users into CometChat.

## Create and Log In a User

### Guide details

This guide walks through creating a user and logging them in to CometChat with an authentication token. Make sure you have initialized CometChat in your app before logging the user in.

### Introduction

A user must be registered on the CometChat server before they can log in. On a first-time login, create the user in CometChat. After this initial creation, you can generate an authentication token for the user.

This authentication token, created via the CometChat API, will be used on the front-end to log the user into the **CometChat UI Kit, SDK, or Widget**.

Once the user is successfully logged into CometChat, we can proceed to request or post any necessary data for the app.

## Prerequisites

* CometChat App (You can create one via the [CometChat Dashboard](https://app.cometchat.com/apps)).
* CometChat UI Kit or SDK (Custom Widget as well).
* Your application: Front-end and Back-end / Server Side.

## Create Chat User in CometChat

When a new user signs up in your app, create a matching CometChat user **from your server** using the [Create User API](/rest-api/users/create). Pass `withAuthToken: true` to also mint a login token in the same call.

1. In your own sign-up flow, create the user in your database.
2. From your **backend**, call `POST /v3/users` with the user's `uid` and `name`.
3. CometChat returns the created user (and an auth token when `withAuthToken` is set).
4. Return that auth token to your front-end to log the user in.

```bash
curl -X POST "https://<appId>.api-<region>.cometchat.io/v3/users" \
  -H "apikey: YOUR_REST_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "uid": "cometchat-uid-1",
    "name": "Andrew Joseph",
    "withAuthToken": true
  }'
```

<Warning>
  Call this from your **server only** — it requires the `fullAccess` REST API Key, which must never ship in client-side code. See [REST API Authentication](/rest-api/authentication) for key scopes.
</Warning>

The `uid` must be unique, **≤ 100 characters**, alphanumeric with dashes (no spaces), and **cannot be changed** after creation. For the full field list and limits, see the [Create User reference](/rest-api/users/create).

Then log the user into the [SDK / UI Kit](/sdk/javascript/authentication-overview) or [Widget](/widget/html/integration#3-backend-created-user-auth-token-login) with the returned token:

```javascript
// SDK
CometChat.login(authToken).then(user => { /* logged in */ });

// UI Kit
CometChatUIKit.loginWithAuthToken(authToken);
```

<Frame>
  <img src="https://mintcdn.com/cometchat-22654f5b-docs-audit-content-webhooks/B3XaZtq031kOZfI6/images/create-chat-user.png?fit=max&auto=format&n=B3XaZtq031kOZfI6&q=85&s=5b8e59e30d5962f1a9b891fce7d0a3dc" alt="CometChat - Create Chat User" width="1380" height="774" data-path="images/create-chat-user.png" />
</Frame>

## Log In an Existing User

The user already exists in CometChat, so you only need a fresh auth token each time they sign in to your app.

1. Authenticate the user with your own backend.
2. From your server, generate a token via the [Create Auth Token API](/rest-api/auth-tokens/create) — `POST /v3/users/{uid}/auth_tokens`.
3. Return the token to your front-end.
4. Log in with `CometChat.login(authToken)` (SDK) or `CometChatUIKit.loginWithAuthToken(authToken)` (UI Kit). For the **Widget Builder**, see [auth token–based login](/widget/html/integration#3-backend-created-user-auth-token-login).

```bash
curl -X POST "https://<appId>.api-<region>.cometchat.io/v3/users/cometchat-uid-1/auth_tokens" \
  -H "apikey: YOUR_REST_API_KEY"
```

### Auth token lifecycle

* **Expiry:** auth tokens **do not expire by default**, which keeps users signed in across devices. Generating a new token does not by itself invalidate older ones.
* **Retention:** CometChat keeps only the **100 most recent** auth tokens per user; older tokens are automatically archived and invalidated.
* **Revoking sessions:** delete one token with [Delete Auth Token](/rest-api/auth-tokens/delete), or sign a user out everywhere with [Flush Auth Tokens](/rest-api/auth-tokens/flush) (`DELETE /v3/users/{uid}/auth_tokens`).
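
The server-side half of the login steps above and the revocation call from this list, as an added example (not CometChat's own code). The function names, the `cfg` and `session` objects, the injectable `fetchImpl`, and the `{ data: { authToken } }` response shape are assumptions for illustration.

```javascript
// Added example. Assumptions: cfg values are constructed, and the token is read
// from a { data: { authToken } } response body.
const UID_PATTERN = /^[A-Za-z0-9-]{1,100}$/; // uid rule as stated on this page

// Build the request for POST (mint) or DELETE (flush) on /v3/users/{uid}/auth_tokens.
function tokenRequest(method, uid, cfg) {
  // Enforcing the uid rule keeps "/", "?" and ".." out of the request path.
  if (typeof uid !== "string" || !UID_PATTERN.test(uid)) {
    throw new Error("invalid uid");
  }
  return {
    url: `https://${cfg.appId}.api-${cfg.region}.cometchat.io/v3/users/${uid}/auth_tokens`,
    init: { method, headers: { apikey: cfg.apiKey } }, // key stays on the server
  };
}

async function send(req, fetchImpl) {
  const res = await fetchImpl(req.url, req.init);
  if (!res.ok) throw new Error(`CometChat returned ${res.status}`);
  return res;
}

// session is the record your backend created after authenticating the user.
// The uid comes from it, never from the request body, so a signed-in user
// cannot request a token for someone else's uid.
async function mintAuthToken(session, cfg, fetchImpl = fetch) {
  if (!session || !session.uid) throw new Error("not authenticated");
  const res = await send(tokenRequest("POST", session.uid, cfg), fetchImpl);
  const body = await res.json();
  return body.data.authToken; // the only value returned to the front-end
}

// Flush Auth Tokens: sign the user out everywhere, for example after a
// password reset or when an account is disabled.
async function flushAuthTokens(uid, cfg, fetchImpl = fetch) {
  await send(tokenRequest("DELETE", uid, cfg), fetchImpl);
  return true;
}
```

Because tokens do not expire by default, calling `flushAuthTokens` from your own password-reset and account-disable paths is what actually ends existing chat sessions.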

<Frame>
  <img src="https://mintcdn.com/cometchat-22654f5b-docs-audit-content-webhooks/UjSEcX5SVba0Fjni/images/log-in-chat-user.png?fit=max&auto=format&n=UjSEcX5SVba0Fjni&q=85&s=6f6b73982615dd5430701b7a1d2c37a5" alt="CometChat - Logging On a User" width="1380" height="752" data-path="images/log-in-chat-user.png" />
</Frame>

## Migrate Existing Users to CometChat

If you need to migrate existing users in bulk, see [Data Import and Migration](/fundamentals/data-import-and-migration).
