diff --git a/app/api/auth.py b/app/api/auth.py
index 93d1d5d..7a60376 100644
--- a/app/api/auth.py
+++ b/app/api/auth.py
@@ -7,7 +7,7 @@ from app.core.database import get_db
 from app.core.security import verify_password, get_password_hash, create_access_token, create_refresh_token, decode_token
 from app.models.user import User
 from app.models.organization import Organization, OrganizationMember, MemberRole
-from app.schemas.user import UserCreate, UserRead, Token
+from app.schemas.user import UserCreate, UserRead, Token, LoginRequest
 from app.services.audit import AuditService
 import re
@@ -86,16 +86,15 @@ async def register(
 @router.post("/login", response_model=Token)
 async def login(
-    email: str,
-    password: str,
+    credentials: LoginRequest,
     request: Request,
     db: AsyncSession = Depends(get_db)
 ):
     """Login and get access token."""
-    result = await db.execute(select(User).where(User.email == email))
+    result = await db.execute(select(User).where(User.email == credentials.email))
     user = result.scalar_one_or_none()
-    if not user or not verify_password(password, user.hashed_password):
+    if not user or not verify_password(credentials.password, user.hashed_password):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Invalid email or password"
diff --git a/app/schemas/user.py b/app/schemas/user.py
index ffa2699..84d3941 100644
--- a/app/schemas/user.py
+++ b/app/schemas/user.py
@@ -10,6 +10,10 @@ class UserBase(BaseModel):
 class UserCreate(UserBase):
     password: str
+class LoginRequest(BaseModel):
+    email: EmailStr
+    password: str
+
 class UserUpdate(BaseModel):
     email: Optional[EmailStr] = None
     full_name: Optional[str] = None
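Review bot: The `if not user or not verify_password(...)` check in the login hunk short-circuits when no account matches `credentials.email`, so the unknown-email path never runs the password hash and answers measurably faster than the wrong-password path, which undermines the deliberately uniform "Invalid email or password" message through response timing. A cheap mitigation is to always perform one hash verification, e.g. `valid = verify_password(credentials.password, user.hashed_password if user else _DUMMY_HASH)` followed by `if not user or not valid:`, where `_DUMMY_HASH` is a module-level constant produced once by get_password_hash (placeholder name). Moving the credentials out of bare `str` parameters, which FastAPI reads from the query string, into a body model is a real improvement and worth stating in the docstring: `"""Authenticate with the email/password JSON body and return a Token."""`. The body of login continues outside the hunk, so whether failed attempts are audited via AuditService or throttled cannot be judged here.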
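Review bot: `LoginRequest.password` in the schemas hunk has no length bound, so a request can hand an arbitrarily long string to the deliberately slow verify_password call in app/api/auth.py, and if the hash scheme is bcrypt anything past 72 bytes is silently ignored. Constrain it, e.g. `password: str = Field(min_length=1, max_length=128)` (pydantic's Field, if it is not already imported in this module; 128 is a placeholder limit), and give `UserCreate.password` the same bound so registration cannot accept what login later truncates. A one-line docstring would also help readers see that this model replaces the former query parameters: `"""Request body for POST /login."""`. If this model is ever logged or echoed, pydantic's `SecretStr` would keep the password out of reprs, at the cost of changing how the handler reads `credentials.password`.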