API Reference

Rate Limiting

Name: Authon
Author: Authon

Authon APIs enforce per-endpoint rate limits to prevent abuse and ensure service stability. Exceeding a limit returns HTTP 429 Too Many Requests.

SDK Auth Endpoints

Endpoints called directly from your app. Base URL: POST https://api.authon.dev

Method	Endpoint	Limit (count/window)	Notes
POST	`/v1/auth/signup`	60 / 60s	Requires API key. When CAPTCHA is enabled, turnstileToken is required.
POST	`/v1/auth/signin`	60 / 60s	Requires API key. When CAPTCHA is enabled, turnstileToken is required.
POST	`/v1/auth/token/refresh`	120 / 60s	No API key required. Call with refresh token only.
DELETE	`/v1/auth/me`	10 / 60s	Account deletion is strictly limited to 10 requests per minute.
POST	`/v1/auth/testing/token`	100 / 60s	pk_test_ keys only. Cannot be called with production keys.
GET	`/v1/auth/token/verify`	—	No throttling (SkipThrottle). Safe for frequent server-side middleware calls.
GET	`/v1/auth/me`	—	No throttling (SkipThrottle).
PATCH	`/v1/auth/me`	—	No throttling (SkipThrottle).
POST	`/v1/auth/signout`	—	No throttling (SkipThrottle).
GET	`/v1/auth/branding`	—	No throttling (SkipThrottle).

Endpoints used for Authon dashboard login.

Method	Endpoint	Limit (count/window)	Notes
POST	`/v1/dashboard/auth/register`	20 / 60s	CAPTCHA required when TURNSTILE_SECRET_KEY env var is set.
POST	`/v1/dashboard/auth/login`	30 / 60s	turnstileToken required when CAPTCHA is configured.
POST	`/v1/dashboard/auth/verify-email`	60 / 60s	Email verification code submission.
POST	`/v1/dashboard/auth/resend-code`	20 / 60s	Resend verification code.

// HTTP 429

{

"statusCode": 429,

"message": "ThrottlerException: Too Many Requests",

"error": "Too Many Requests"

}

The SDK caches tokens in client memory. Avoid calling /token/verify directly on every request.
Call /token/refresh only when the token is about to expire. Use the SDK's built-in auto-refresh logic.
On receiving a 429, apply exponential backoff before retrying.
Never use Testing Mode (/testing/token) in a production environment.