Authentication
Session cookies for the dashboard, API keys for programmatic access
API key (SDK)
Send your key on every request:
X-API-Key: abx_…
| Method | Path | Description |
|---|---|---|
| POST | /auth/api-key | Rotate API key — returns new key once |
| GET | /auth/me | Current user (cookie or API key) |
Dashboard session
| Method | Path | Description |
|---|---|---|
| POST | /auth/request-code | Email a login code |
| POST | /auth/verify | Verify code → sets session cookie |
| POST | /auth/register | Create account with email + password |
| POST | /auth/login | Email + password login |
| POST | /auth/set-password | Set optional password (signed in) |
| POST | /auth/logout | Clear session |
| GET | /auth/me | Current user profile + credits |
Example
# Programmatic curl http://localhost:8000/auth/me -H "X-API-Key: YOUR_KEY" # Dashboard (browser) — cookie set automatically after /auth/verify curl http://localhost:8000/inboxes --cookie "session=…"