Authentication API Reference

Complete API reference for authentication endpoints.

POST /auth/login

Authenticate user and create session.

Request

{
  "identifier": "user@example.com",
  "secret": "password123",
  "register": false  // Optional: auto-register if true
}

Response

{
  "access_token": "eyJhbGc...",
  "refresh_token": "eyJhbGc...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "user": {
    "id": "user:abc123",
    "identifiers": [...],
    "roles": ["editor"]
  }
}

POST /auth/refresh

Exchange a refresh token for a new access token. The response also returns a refresh_token.

Request

{
  "refresh_token": "eyJhbGc..."
}

Response

{
  "access_token": "eyJhbGc...",
  "refresh_token": "eyJhbGc...",
  "expires_in": 3600
}

POST /auth/logout

End session.

Request

Authorization: Bearer <access_token>

Response

{
  "message": "Logged out successfully"
}

GET /me

Get current user information.

Request

Authorization: Bearer <access_token>

Response

{
  "id": "user:abc123",
  "tenant_id": "org_company",
  "workspace_id": "ws_eng",
  "identifiers": [...],
  "roles": ["editor"],
  "scopes": ["read:posts", "write:posts"]
}
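
Added example, not part of the original reference or the project's own code: a minimal Python client for the login, refresh and logout flow above, which tracks expires_in and keeps the refresh_token returned by each refresh. The AuthSession class, the injectable post and clock parameters, the 30-second refresh margin and the empty JSON body sent on logout are assumptions.

```python
import json
import time
import urllib.request


def http_post_json(url, body, headers=None):
    """Default transport: POST a JSON body, return the decoded JSON response."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", **(headers or {})})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class AuthSession:
    """Holds the token pair from /auth/login and renews it via /auth/refresh."""

    SKEW = 30  # assumption: refresh this many seconds before expires_in runs out

    def __init__(self, base_url, post=http_post_json, clock=time.monotonic):
        self.base_url, self._post, self._clock = base_url.rstrip("/"), post, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, tokens):
        self._access = tokens["access_token"]
        # The refresh response carries a refresh_token too; keep the newest one.
        self._refresh = tokens.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + tokens["expires_in"]

    def login(self, identifier, secret):
        tokens = self._post(self.base_url + "/auth/login",
                            {"identifier": identifier, "secret": secret})
        self._store(tokens)
        return tokens["user"]

    def auth_header(self):
        """Return the Authorization header, refreshing first if close to expiry."""
        if self._access is None:
            raise RuntimeError("not logged in")
        if self._clock() >= self._expires_at - self.SKEW:
            self._store(self._post(self.base_url + "/auth/refresh",
                                   {"refresh_token": self._refresh}))
        return {"Authorization": "Bearer " + self._access}

    def logout(self):
        # Assumption: the endpoint accepts an empty JSON body with the header.
        self._post(self.base_url + "/auth/logout", {}, self.auth_header())
        self._access = self._refresh = None  # drop local copies after logout
```

Pass the result of auth_header() as the headers for GET /me and other authenticated calls, so an access token close to expiry is renewed before it is sent.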
