Authentication

All API requests must include a bearer token in the Authorization header.

Obtaining a Token

curl -X POST https://api.example.com/v1/auth/token \
  -d '{"username": "alice", "password": "secret"}'

Response:

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_in": 3600
}

Using the Token

Include the token in every request:

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.example.com/v1/users

Security

Never commit tokens to version control. Use environment variables or a secrets manager instead.

See REST Endpoints for the available routes, or head back to the API Overview.