
Authentication

POST /auth/token

Authenticate with an API key (single-admin mode).

Request:

{ "apiKey": "your-secret-key" }

Response:

{
  "accessToken": "eyJ...",
  "refreshToken": "eyJ...",
  "role": "admin",
  "serverName": "Production VPS"
}

POST /auth/login

Authenticate with email/password (multi-user mode).

Request:

{ "email": "admin@example.com", "password": "your-password" }

Response: Same as /auth/token.

POST /auth/refresh

Refresh an expired access token.

Request:

{ "refreshToken": "eyJ..." }

Response:

{ "accessToken": "eyJ...", "refreshToken": "eyJ..." }

Info: Refresh tokens include a fingerprint (hash of User-Agent + IP). If the fingerprint changes, the refresh is rejected.
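
The following added example (not this project's code) sketches how a server can bind a refresh token to a client fingerprint and reject the refresh when it changes. SHA-256, the HMAC-signed token layout, the `fp` claim name and all function names are assumptions; the page only states that the fingerprint is a hash of User-Agent + IP.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: server-side signing key

def fingerprint(user_agent: str, ip: str) -> str:
    # Hash of User-Agent + IP, as the page describes. SHA-256 and the
    # newline separator are assumptions of this example.
    return hashlib.sha256(f"{user_agent}\n{ip}".encode()).hexdigest()

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_refresh_token(user: str, user_agent: str, ip: str, ttl: int = 3600) -> str:
    # The fingerprint is stored inside the signed payload at issue time.
    payload = json.dumps({"sub": user, "fp": fingerprint(user_agent, ip),
                          "exp": int(time.time()) + ttl}).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"

def check_refresh(token: str, user_agent: str, ip: str) -> str:
    """Return 'ok' or the reason the refresh is rejected."""
    try:
        body, sig = token.split(".")
        payload, given = _unb64(body), _unb64(sig)
    except ValueError:
        return "malformed"
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        return "bad-signature"
    claims = json.loads(payload)
    if claims["exp"] < time.time():
        return "expired"
    # Constant-time compare of the stored fingerprint with the one
    # computed from the request that presents the token.
    if not hmac.compare_digest(claims["fp"], fingerprint(user_agent, ip)):
        return "fingerprint-mismatch"
    return "ok"

if __name__ == "__main__":
    ua = "Mozilla/5.0 (constructed sample)"  # constructed sample values
    tok = issue_refresh_token("admin@example.com", ua, "203.0.113.10")
    print(check_refresh(tok, ua, "203.0.113.10"))   # same client
    print(check_refresh(tok, ua, "198.51.100.7"))   # IP changed
```

Because the IP is part of the fingerprint, a client that moves between networks should expect the refresh to be rejected and fall back to /auth/token or /auth/login.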

GET /auth/users (admin)

List all users. Only available when AUTH_MODE=users.

Response:

{ "users": [{ "id": 1, "email": "admin@example.com", "role": "admin", "created_at": "..." }] }

POST /auth/users (admin)

Create a new user.

Request:

{ "email": "user@example.com", "password": "strong-password", "role": "operator" }

DELETE /auth/users/:id (admin)

Delete a user account. You cannot delete your own account.

PUT /auth/users/:id/role (admin)

Update a user's role.

Request:

{ "role": "viewer" }

Valid roles: admin, operator, viewer