First of all you should inspect the login page and find the actual POST request that is done to the server when you input the username and password and press submit, you should be able to identify it in browser debug window → network tab, that is the request you want to use to login with a http client like HTTPoison.
The second part is a little bit more tricky, you need to save the session cookie that you get after successful login and use it in subsequent requests to protected routes, you can take some inspiration from here: Help with HTTPoison POST - #7 by Aetherus
PS: That might not be the best example as its filled with macro magic, what you are interested in are the following lines:
# Options sent to hackney for setting the request cookies
options = [hackney: [cookie: cookies]]]
# Example usage
headers = []
HTTPoison.get("my_url", headers, options)
# Extracting cookies from the response
defp cookies(%HTTPoison.Response{} = resp) do
resp.headers
|> Enum.filter(fn
{"Set-Cookie", _} -> true
_ -> false
end)
|> Enum.map(fn{_, cookie} -> cookie end)
end
