Get a token
Call the login endpoint with your workspace user credentials:token value — you’ll include it in every subsequent request.
Use the token
Add the token to theAuthorization header of every request:
Token expiry
Tokens expire after 7 days. After expiry, requests return401 Unauthorized. Call /api/auth/login again to get a new token.
There is no refresh token mechanism — re-authenticate when the token expires.
Get current user info
To verify a token and retrieve the authenticated user’s details:Error responses
| Scenario | Status | Error message |
|---|---|---|
| Missing Authorization header | 401 | No token provided |
| Invalid or malformed token | 401 | Invalid token |
| Token expired | 401 | Token expired |
| Valid token, insufficient permissions | 403 | Permission denied |