Authentication

All data within the platform is private by default. The public role can be configured to expose data without authentication, or you can pass an access token to the API to access private data.

Login

Authenticate as a user.

Request Body

email
string

Email address of the user you're logging in as.

password
string

Password of the user.

mode
string

Whether to retrieve the refresh token in the JSON response, or in an httpOnly cookie.

otp
string

The user's one-time-password (if MFA is enabled).

Response

Successful authentication

data
object

POST /auth/login

Response Example
{
  "data": {
    "access_token": "eyJhbGciOiJI...",
    "expires": 900,
    "refresh_token": "yuOJkjdPXMd..."
  }
}

Logout

Invalidate the refresh token, thus destroying the user's session.

Request Body

refresh_token
string

The refresh token to invalidate. If you have the refresh token in a cookie through /auth/login, you don't have to submit it here.

mode
string

Whether the refresh token is submitted in the JSON request body, or in an httpOnly cookie.

POST /auth/logout

List Auth Providers

List all the configured auth providers.

Response

Successful request

public
boolean

data
array

GET /auth/oauth

Response Example
{
  "data": [
    "github",
    "facebook"
  ]
}

Login Using an OAuth Provider

Start OAuth flow using the specified provider.

Query Parameters

provider
string

Key of the activated OAuth provider.

redirect
string

Where to redirect on successful login.
If set, the authentication details are set inside cookies; otherwise, JSON is returned.

Response

Successful request

public
boolean

data
object

Response Example
{
  "data": {}
}

Request a Password Reset

Request a reset password email to be sent to the given user.

Request Body

email
string

Email address of the user you're requesting a reset for.

reset_url
string

Provide a custom reset URL which the link in the email will lead to. The reset token will be passed as a parameter. You need to configure the PASSWORD_RESET_URL_ALLOW_LIST environment variable to enable this feature.

POST /auth/password/request
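
Because the reset token is appended to a caller-supplied reset_url, the allow list is what keeps the token from being sent to an arbitrary site. The following is an added example, not the platform's own code, of one way to check a reset_url against an allow list before building the emailed link. The comma-separated list format, the exact-match and https-only rules, the sample hosts and the `token` parameter name are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Constructed sample value for PASSWORD_RESET_URL_ALLOW_LIST
# (comma-separated format is an assumption of this example).
ALLOW_LIST = "https://app.example.com/reset,https://admin.example.com:8443/auth/reset"


def _canonical(url):
    """Return (scheme, host, port, path), or None if the URL is rejected outright."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError for an out-of-range port
    except ValueError:
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None  # assumption: reset links are only ever sent over https
    if parts.username is not None or parts.password is not None:
        return None  # userinfo hides the real host from a human reader
    if parts.fragment:
        return None
    # .hostname is already lower-cased; the query string is ignored for matching
    return (parts.scheme, parts.hostname, port or 443, parts.path or "/")


def is_allowed_reset_url(reset_url, allow_list=ALLOW_LIST):
    """Exact match on scheme, host, port and path; never a string-prefix test."""
    candidate = _canonical(reset_url)
    if candidate is None:
        return False
    allowed = {_canonical(entry) for entry in allow_list.split(",")}
    allowed.discard(None)
    return candidate in allowed


def build_reset_link(reset_url, token, allow_list=ALLOW_LIST):
    """Append the reset token as a query parameter, only for an allow-listed URL."""
    if not is_allowed_reset_url(reset_url, allow_list):
        raise ValueError("reset_url is not in the allow list")
    parts = urlsplit(reset_url.strip())
    # Drop any caller-supplied "token" so the link carries exactly one value.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "token"]
    query.append(("token", token))
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))
```

Comparing parsed components rather than raw strings is what rejects look-alike hosts and userinfo tricks that a prefix comparison would accept.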

Reset a Password

The Request a Password Reset endpoint sends an email with a link to the admin app, which in turn uses this endpoint to allow the user to reset their password.

Request Body

token
string

One-time use JWT token that is used to verify the user, as provided in the email sent by the request endpoint.

password
string

New password for the user.

POST /auth/password/reset

Refresh Token

Retrieve a new access token using a refresh token.

Request Body

refresh_token
string

JWT access token you want to refresh. This token can't be expired.

mode
string

Whether to submit and retrieve the refresh token in the JSON response, or in an httpOnly cookie.

Response

Successful request

data
object

POST /auth/refresh

Response Example
{
  "data": {
    "access_token": "eyJhbGciOiJI...",
    "expires": 900,
    "refresh_token": "Gy-caJMpmGTA..."
  }
}