post deprecated
https://{companyDomain}.bamboohr.com/api/v1/login
Exchanges username, password, and application key for a persistent API key scoped to that user and application. No pre-existing authentication is required; credentials are passed in the request body.
This endpoint is deprecated. Prefer OAuth or OpenID for new integrations.
applicationKey must correspond to a registered non-mobile application; iOS and Android app keys are explicitly rejected with a 403 (no body). The optional deviceId associates the generated key with a specific device.
Response format is determined by the Accept request header. Send Accept: application/json to receive JSON; omit the header or send any other value to receive XML. Alternatively, set ?format=json in the query string to force JSON regardless of the Accept header.