API Reference

Authentication

Endpoints for signing in, signing up, and managing authentication tokens. All endpoints are prefixed with /v1.

Base URL

text
https://api.authon.dev

Authorization

bash
# Client requests — use publishable key
Authorization: Bearer pk_live_your_publishable_key

# Server requests — use secret key
Authorization: Bearer sk_live_your_secret_key

POST /v1/auth/signin

Sign In with Email

Authenticate a user with email and password. Returns access and refresh tokens.

Request Body
json
{
  "projectId": "proj_abc123",
  "email": "user@example.com",
  "password": "securepassword"
}
Response
json
{
  "accessToken": "eyJhbGci...",
  "refreshToken": "rt_abc123...",
  "expiresIn": 3600,
  "user": {
    "id": "usr_abc123",
    "email": "user@example.com",
    "displayName": "John Doe"
  }
}

POST /v1/auth/signup

Sign Up with Email

Register a new user. Returns tokens or triggers email verification flow.

Request Body
json
{
  "projectId": "proj_abc123",
  "email": "user@example.com",
  "password": "securepassword",
  "displayName": "John Doe"
}
Response
json
{
  "status": "verification_required",
  "message": "Check your email for a verification code"
}

POST /v1/auth/verify-email

Verify Email

Verify an email address with the 6-digit OTP code sent after sign up.

Request Body
json
{
  "projectId": "proj_abc123",
  "email": "user@example.com",
  "code": "123456"
}
Response
json
{
  "accessToken": "eyJhbGci...",
  "refreshToken": "rt_abc123...",
  "expiresIn": 3600,
  "user": { ... }
}

POST /v1/auth/refresh

Refresh Token

Exchange a refresh token for a new access token before it expires.

Request Body
json
{
  "refreshToken": "rt_abc123..."
}
Response
json
{
  "accessToken": "eyJhbGci...",
  "expiresIn": 3600
}
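
Added example (not Authon SDK code): client-side handling of the token lifetime, turning expiresIn into an absolute expiry and calling /v1/auth/refresh shortly before the access token lapses. It assumes expiresIn is in seconds, that refresh is a client request sent with the publishable key, and a hypothetical send transport; all helper names are illustrative.

```javascript
// Added example, not Authon SDK code. Request and response shapes follow this page.
const BASE_URL = "https://api.authon.dev";

// Build a client-side POST. Assumption: publishable keys share the "pk_" prefix
// shown above, so anything else (e.g. an sk_live_ secret key) is refused.
function buildClientRequest(path, body, publishableKey) {
  if (!publishableKey.startsWith("pk_")) {
    throw new Error("client requests must use a publishable key");
  }
  return {
    url: `${BASE_URL}/v1/auth/${path}`,
    method: "POST",
    headers: {
      Authorization: `Bearer ${publishableKey}`,
      "Content-Type": "application/json", // assumption: JSON bodies use this header
    },
    body: JSON.stringify(body),
  };
}

// Convert a signin or verify-email response into session state with an
// absolute expiry. Assumption: expiresIn is in seconds.
function sessionFromSignIn(res, nowMs) {
  return {
    accessToken: res.accessToken,
    refreshToken: res.refreshToken,
    expiresAtMs: nowMs + res.expiresIn * 1000,
  };
}

// True once the access token is within skewSec of expiry (or already past it).
function needsRefresh(session, nowMs, skewSec = 60) {
  return nowMs >= session.expiresAtMs - skewSec * 1000;
}

// The refresh response shown above carries only accessToken and expiresIn,
// so the stored refresh token is kept unchanged.
function applyRefresh(session, res, nowMs) {
  return { ...session, accessToken: res.accessToken, expiresAtMs: nowMs + res.expiresIn * 1000 };
}

// Return a usable access token, calling /v1/auth/refresh first when needed.
// `send` is a hypothetical transport: (request) => Promise of the parsed JSON body.
async function getAccessToken(state, send, publishableKey, nowMs = Date.now()) {
  if (needsRefresh(state.session, nowMs)) {
    const req = buildClientRequest("refresh", { refreshToken: state.session.refreshToken }, publishableKey);
    state.session = applyRefresh(state.session, await send(req), nowMs);
  }
  return state.session.accessToken;
}
```

The key check in buildClientRequest keeps a secret key from being sent by browser code by mistake; server-side callers would use a separate request builder.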

POST /v1/auth/signout

Sign Out

Invalidate the current session and revoke the refresh token.

Response
json
{ "success": true }