> ## Documentation Index
> Fetch the complete documentation index at: https://tyk.io/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Initiate authentication (POST)

> Identical to the GET variant. Provided for passthrough providers that receive
credentials as a form POST or via a Basic Auth header.




## OpenAPI

````yaml /swagger/5.13/identity-broker-swagger.yml post /auth/{id}/{provider}
openapi: 3.0.3
info:
  title: Tyk Identity Broker (TIB) API
  description: >
    The Tyk Identity Broker (TIB) acts as a delegated authentication gateway
    between

    external identity providers (OAuth/Social, SAML, LDAP, Reverse Proxy) and
    the

    Tyk ecosystem.


    ## Authentication


    Profile management endpoints (`/api/*`) require an `Authorization` header
    whose

    value must exactly match the `Secret` field in `tib.conf`.


    Auth flow endpoints (`/auth/*`) are public — they are the entry points for

    end-user authentication and are called by browsers or API clients, not by

    back-end services.
  version: v1.7.2
  contact:
    email: support@tyk.io
    name: Tyk Technologies
    url: https://tyk.io/contact
servers:
  - url: http://localhost:3010
    description: Default local TIB instance
security: []
tags:
  - name: Auth
    description: Entry points for identity-provider authentication flows (public)
  - name: Profiles
    description: CRUD management of TIB profiles (requires Authorization header)
  - name: Health
    description: Health check
paths:
  /auth/{id}/{provider}:
    post:
      tags:
        - Auth
      summary: Initiate authentication (POST)
      description: >
        Identical to the GET variant. Provided for passthrough providers that
        receive

        credentials as a form POST or via a Basic Auth header.
      operationId: initiateAuthPost
      parameters:
        - $ref: '#/components/parameters/profileId'
        - $ref: '#/components/parameters/providerName'
      requestBody:
        description: >
          Optional form body or JSON body carrying credentials
          (provider-dependent).

          LDAP and Proxy providers typically read a `Basic` `Authorization`
          header

          rather than a request body.
        required: false
        content:
          application/x-www-form-urlencoded:
            schema:
              type: object
              additionalProperties: true
      responses:
        '200':
          description: Authentication completed inline.
        '302':
          description: Redirect to the external identity provider.
        '400':
          description: Missing or invalid profile ID.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/APIErrorMessage'
components:
  parameters:
    profileId:
      name: id
      in: path
      required: true
      description: The unique identifier of the authentication profile.
      schema:
        type: string
      example: github-sso-dashboard
    providerName:
      name: provider
      in: path
      required: true
      description: >
        The provider sub-path. For Social/OIDC providers this is the Goth
        provider

        name (e.g. `github`, `linkedin`, `openid-connect`). For SAML it is
        `saml`.

        For LDAP/Proxy it matches the configured provider identifier.
      schema:
        type: string
      example: github
  schemas:
    APIErrorMessage:
      type: object
      properties:
        Status:
          type: string
          enum:
            - error
          example: error
        Error:
          type: string
          description: Human-readable error message.
          example: Profile not found

````