diff --git a/cmd/calls/main.go b/cmd/calls/main.go
index 03ee2b0..c81258f 100644
--- a/cmd/calls/main.go
+++ b/cmd/calls/main.go
@@ -57,7 +57,7 @@ func main() {
 	loginForm.Add("username", *username)
 	loginForm.Add("password", *password)
 
-	loginReq, err := http.NewRequest("POST", "http"+secureSuffix()+"://"+*addr+"/login", strings.NewReader(loginForm.Encode()))
+	loginReq, err := http.NewRequest("POST", "http"+secureSuffix()+"://"+*addr+"/api/login", strings.NewReader(loginForm.Encode()))
 	if err != nil {
 		log.Fatal(err)
 	}
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
index 5184aae..817d302 100644
--- a/pkg/auth/auth.go
+++ b/pkg/auth/auth.go
@@ -4,7 +4,10 @@ import (
 	"errors"
 	"net/http"
 
+	_ "embed"
+
 	"dynatron.me/x/stillbox/pkg/config"
+	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/jwtauth/v5"
 )
 
@@ -66,3 +69,20 @@ func ErrorResponse(w http.ResponseWriter, err error) {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 	}
 }
+
+func (a *Auth) PublicRoutes(r chi.Router) {
+	r.Post("/api/login", a.routeAuth)
+	r.Get("/api/login", a.routeLogin)
+}
+
+func (a *Auth) PrivateRoutes(r chi.Router) {
+	r.Get("/refresh", a.routeRefresh)
+}
+
+//go:embed login.html
+var loginPage []byte
+
+func (a *Auth) routeLogin(w http.ResponseWriter, r *http.Request) {
+	w.Header().Add("Content-Type", "text/html")
+	_, _ = w.Write(loginPage)
+}
diff --git a/pkg/auth/jwt.go b/pkg/auth/jwt.go
index ea65a92..6241805 100644
--- a/pkg/auth/jwt.go
+++ b/pkg/auth/jwt.go
@@ -110,14 +110,6 @@ func (a *Auth) newToken(uid int32) string {
 	return tokenString
 }
 
-func (a *Auth) PublicRoutes(r chi.Router) {
-	r.Post("/login", a.routeAuth)
-}
-
-func (a *Auth) PrivateRoutes(r chi.Router) {
-	r.Get("/refresh", a.routeRefresh)
-}
-
 func (a *Auth) allowInsecureCookie(r *http.Request) bool {
 	host := strings.Split(r.Host, ":")
 	v, has := a.cfg.AllowInsecure[host[0]]
diff --git a/pkg/auth/login.html b/pkg/auth/login.html
new file mode 100644
index 0000000..eeb9783
--- /dev/null
+++ b/pkg/auth/login.html
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <title>Login</title>
+  </head>
+  <body>
+    <div>
+      <form action="/login" method="POST">
+        <label for="username">Username: </label>
+        <input type="text" name="username" />
+        <label for="password">Password: </label>
+        <input type="password" name="password" />
+        <input type="submit" value="Login" />
+      </form>
+    </div>
+  </body>
+</html>