PUT Auth Request


Perform authorization request to get token

Requires cookies from the Auth Cookies stage. If the user has multi-factor authentication enabled, the response will contain a type of multifactor and Multi-Factor Authentication will need to be used.

Note: Authenticating directly is prone to breakage (captchas and cloudflare anti-bot) and does not support users who use alternative sign-in methods. Consider using Cookie Reauth or opening a webview to the Riot login page and watching for redirects.

For an example of watching redirects in a webview (using Electron), see insomnia-plugin-valorant



type AuthRequestBody = {
    type: "auth";
    language: "en_US";
    remember: boolean;
    riot_identity: {
        /** hcaptcha token from the login page (see <https://docs.hcaptcha.com/>) */
        captcha: string;
        username: string;
        password: string;


type AuthRequestResponse = {
    type: "success";
    success: {
        login_token: string;
        redirect_url: string;
        is_console_link_session: boolean;
        auth_method: "riot_identity";
        puuid: string;
    country: string;
    platform: string;
} | {
    type: "multifactor";
    multifactor: {
        method: "email";
        methods: "email"[];
        /** partially-obscured email address */
        email: string;
        mode: "auth";
        auth_method: "riot_identity";
    country: string;
    platform: string;
    /** The MFA request seems to still give an HTTP response code of 200 for invalid codes but attaches this error property */
    error?: "invalid_code" | undefined;