Authentication
The API uses JWT Bearer authentication. Many endpoints are public; others require a valid token, and some require an elevated role (e.g. admin).
Getting a token
Sign-in and sign-up are public. Use the auth endpoints to exchange credentials for a JWT. Request and response schemas are described in the OpenAPI document.
Sending the token
Include the token in the Authorization header:
Authorization: Bearer <your-token>
Role-based access
Some endpoints are restricted to users with higher privileges (e.g. admin or owner). If you call such an endpoint without the required role, the API responds with 403 Forbidden.
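The following Python example is added here for illustration and is not part of the API or its documentation. It runs a constructed local stub in place of the real API and sends the header across the three access levels described above. The paths, the opaque token strings standing in for JWTs, and the 401 status for a missing token are assumptions; the header format and the 403 response come from this page.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the API. Paths, token strings and the 401 status
# are assumptions; only the header format and the 403 come from the text.
TOKENS = {"user-token": "user", "admin-token": "admin"}

class StubAPI(BaseHTTPRequestHandler):
    def do_GET(self):
        scheme, _, token = self.headers.get("Authorization", "").partition(" ")
        role = TOKENS.get(token) if scheme == "Bearer" else None
        status = 200                          # public paths need no token
        if self.path != "/public" and role is None:
            status = 401                      # assumed: missing or invalid token
        elif self.path == "/admin" and role != "admin":
            status = 403                      # valid token, insufficient role
        self.send_response(status)
        self.end_headers()

    def log_message(self, *args):             # keep the demo output quiet
        pass

# Ignore proxy environment variables so the token only travels to base_url.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def call(base_url, path, token=None):
    """GET base_url + path, sending the Bearer token if given; return the status."""
    req = urllib.request.Request(base_url + path)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code                       # 4xx/5xx arrive as exceptions

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    results = [call(base, "/public"), call(base, "/profile"),
               call(base, "/admin", "user-token"), call(base, "/admin", "admin-token")]
    server.shutdown()
    return results

if __name__ == "__main__":
    print(demo())
```

A 403 means the token was accepted but the role is insufficient, so signing in again with the same account will not change the result.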
For exact payloads and endpoints, see the OpenAPI document.