# User-interactive managed login and classic hosted UI endpoints Amazon Cognito activates the managed login endpoints in this section when you add a domain to your user pool. They are webpages where your users can complete the core authentication operations of a user pool. They include pages for password management, multi-factor authentication (MFA), and attribute verification. The webpages that make up managed login are a front-end web application for interactive user sessions with your customers. Your app must invoke managed login in your users' browsers. Amazon Cognito doesn't support programmatic access to the webpages in this chapter. Those federation endpoints in the [Identity provider and relying party endpoints](federation-endpoints.md) that return a JSON response can be queried directly in your app code. The [Authorize endpoint](authorization-endpoint.md) redirects either to managed login or to an IdP sign-in page and also must be opened in users' browsers. All user pool endpoints accept traffic from IPv4 and IPv6 source IP addresses. The topics in this guide describe frequently-used managed login and classic hosted UI endpoints in detail. The difference between managed login and the hosted UI is visible, not functional. Except for `/passkeys/add`, all paths are shared between the two versions of managed login branding. Amazon Cognito makes the webpages that follow available when you assign a domain to your user pool. **Managed login endpoints** | Endpoint URL | Description | How it's accessed | | --- | --- | --- | | https://Your user pool domain/login | Signs in user pool local and federated users. | Redirect from endpoints like [Authorize endpoint](authorization-endpoint.md), `/logout`, and `/confirmforgotPassword`. See [Login endpoint](login-endpoint.md). | | https://Your user pool domain/logout | Signs out user pool users. | Direct link. See [Logout endpoint](logout-endpoint.md). | | https://Your user pool domain/confirmUser | Confirms users who have selected an email link to verify their user account. | User selected link in an email message. | | https://Your user pool domain/signup | Signs up a new user. The /login page directs your user to /signup when they select Sign up. | Direct link with same parameters as `/oauth2/authorize`. | | https://Your user pool domain/confirm | After your user pool sends a confirmation code to a user who signed up, prompts your user for the code. | Redirect-only from `/signup`. | | https://Your user pool domain/forgotPassword | Prompts your user for their user name and sends a password-reset code. The /login page directs your user to /forgotPassword when they select Forgot your password?. | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/cognito/latest/developerguide/managed-login-endpoints.html) | | https://Your user pool domain/confirmforgotPassword | Prompts your user for their password-reset code and a new password. The /forgotPassword page directs your user to /confirmforgotPassword when they select Reset your password. | Redirect-only from /forgotPassword. | | https://Your user pool domain/resendcode | Sends a new confirmation code to a user who has signed up in your user pool. | Redirect-only from **Send a new code** link at `/confirm`. | | https://Your user pool domain/passkeys/add | Registers a new [passkey](amazon-cognito-user-pools-authentication-flow-methods.md#amazon-cognito-user-pools-authentication-flow-methods-passkey). Only available in managed login. | [\[See the AWS documentation website for more details\]](http://docs.amazonaws.cn/en_us/cognito/latest/developerguide/managed-login-endpoints.html) | **Topics** + [The managed login sign-in endpoint: `/login`](login-endpoint.md) + [The managed login sign-out endpoint: `/logout`](logout-endpoint.md)