Authentication
All API requests must include a bearer token in the Authorization header.
Obtaining a Token
curl -X POST https://api.example.com/v1/auth/token \
-d '{"username": "alice", "password": "secret"}'
Response:
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"expires_in": 3600
}
Using the Token
Include the token in every request:
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
https://api.example.com/v1/users
Security
Never commit tokens to version control. Use environment variables or a secrets manager instead.
See REST Endpoints for the available routes, or head back to the API Overview.