API Reference Authentication

Authentication Endpoints

5 endpoints for user registration, login, and API key management.

Base URL

How Authentication Works

JWT Bearer Token

Used for auth management endpoints (API key CRUD).

Call POST /v1/auth/login with your credentials
Copy the access_token from the response
Send it as Authorization: Bearer <token>

API Key

Used for all /v1/me/* CRUD endpoints.

Generate a key via POST /v1/auth/api-keys
Copy the raw_key (shown once, starts with rst_)
Send it as X-API-Key: rst_...

For a complete walkthrough, see the Authentication & Setup Guide.

JWT Token

API Key

JWT set Key set No credentials set

Authentication

Create a new user account

Request Body

Field	Type	Required	Description
username	`string`	Yes	Unique username (3-50 chars, alphanumeric)*
email	`string`	Yes	Valid email address*
password	`string`	Yes	Password (8-128 chars)*
full_name	`string`	Yes	Display name (1-200 chars)*

Response

Field	Type	Required	Description
id	`uuid`	Yes	User ID*
username	`string`	Yes	Username*
email	`string`	Yes	Email address*
full_name	`string`	Yes	Display name*

username *

email *

password *

full_name *

Request

{
  "username": "hershel",
  "email": "hershel@example.com",
  "password": "secureP@ss123",
  "full_name": "Hershel Moshkovitz"
}

Response 200 OK

{
  "id": "a1b2c3d4-5678-9abc-def0-123456789abc",
  "username": "hershel",
  "email": "hershel@example.com",
  "full_name": "Hershel Moshkovitz"
}

Authenticate and receive a JWT token

Request Body

Field	Type	Required	Description
username	`string`	Yes	Your username*
password	`string`	Yes	Your password*

Response

Field	Type	Required	Description
access_token	`string`	Yes	JWT access token*
token_type	`string`	Yes	Always "bearer"*

username *

password *

Request

{
  "username": "hershel",
  "password": "secureP@ss123"
}

Response 200 OK

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

Generate a new API key (shown once)

Request Body

Field	Type	Required	Description
name	`string`	Yes	Key label (1-100 chars)*

Response

Field	Type	Required	Description
id	`uuid`	Yes	Key ID*
name	`string`	Yes	Key label*
raw_key	`string`	Yes	Full API key (shown once, starts with rst_)*
prefix	`string`	Yes	Key prefix for identification*

Requires JWT token — set it in the auth bar above

name *

Request

{
  "name": "my-app-key"
}

Response 200 OK

{
  "id": "b2c3d4e5-6789-abcd-ef01-23456789abcd",
  "name": "my-app-key",
  "raw_key": "rst_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5",
  "prefix": "rst_a1b2",
  "is_active": true,
  "created_at": "2026-02-16T10:30:00Z"
}

List all your API keys

Response

Field	Type	Required	Description
[ ]	`array`	Yes	Array of APIKeyResponse objects (id, name, prefix, is_active, created_at)*

Requires JWT token — set it in the auth bar above

Response 200 OK

[
  {
    "id": "b2c3d4e5-6789-abcd-ef01-23456789abcd",
    "name": "my-app-key",
    "prefix": "rst_a1b2",
    "is_active": true,
    "created_at": "2026-02-16T10:30:00Z"
  }
]

Revoke an API key

Path Parameters

Field	Type	Required	Description
key_id	`uuid`	Yes	API key ID to revoke*

Requires JWT token — set it in the auth bar above

key_id *

Response 200 OK

204 No Content