By default the login uses cookie-based so the 'token' as such is in the cookie. If you add 'token=true' to the request (so "email=&password=&token=true") you'll get the token stanza in the return:
},
"token": "ey...EZhY" }
If you don't already, I'd recommend using the (free) Postman REST client for experimenting with the API; https://www.postman.com/product/rest-client/
