Auth
Token lifecycle for automation, plus a way to identify the current caller.
Session-only flows are excluded
Endpoints used by the operator portal — /auth/login, /auth/signup, /auth/forgot-password, etc. — are intentionally not part of the public API. They depend on cookies and are not designed for programmatic use.
Identify the current caller
List the caller's API tokens
Mint a new API token
POST
/api/auth/tokens
Session-only: minting a bearer token from a bearer token would let a leaked token self-propagate. The plaintext token appears in the response only once; store it immediately.
Authorizations
bearer
Type
HTTP (bearer)
Request Body
application/json
{
  "name": "string",
  "scope": {},
  "expiresAt": "string"
}
Responses
Revoke an API token
DELETE
/api/auth/tokens/{id}
Session callers can revoke any of their own tokens. Bearer callers can only revoke the token they are authenticating with, which lets nuc auth logout clean up after itself without opening a "one token can retire another" hole.
Authorizations
bearer
Type
HTTP (bearer)
Parameters
Path Parameters
id* (required)
Type
string
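
The mint and revoke rules above, written as a deny-by-default authorization check that also lists what a leaked credential could reach. This is an added example, not the service's own code; the Caller and ApiToken types, their fields, the function names and the sample token ids are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Caller:                        # hypothetical model of an authenticated request
    user_id: str
    via: str                         # "session" (cookie) or "bearer" (API token)
    token_id: Optional[str] = None   # id of the presenting token when via == "bearer"


@dataclass(frozen=True)
class ApiToken:                      # hypothetical stored token record
    id: str
    owner_id: str


def can_mint(caller: Caller) -> bool:
    """POST /api/auth/tokens: session callers only, so a token cannot mint tokens."""
    return caller.via == "session"


def can_revoke(caller: Caller, target: ApiToken) -> bool:
    """DELETE /api/auth/tokens/{id}: deny unless a rule below allows it."""
    if target.owner_id != caller.user_id:
        return False                 # never touch another user's tokens
    if caller.via == "session":
        return True                  # any of the caller's own tokens
    if caller.via == "bearer":
        return caller.token_id is not None and caller.token_id == target.id
    return False                     # unknown auth method


def reach(caller: Caller, tokens: List[ApiToken]) -> List[Tuple[str, str]]:
    """Everything a credential can do to the token set: its blast radius if leaked."""
    actions = [("mint", "*")] if can_mint(caller) else []
    actions += [("revoke", t.id) for t in tokens if can_revoke(caller, t)]
    return actions


# Constructed sample data: alice holds two tokens, bob holds one.
TOKENS = [ApiToken("tok_ci", "alice"), ApiToken("tok_cli", "alice"), ApiToken("tok_bob", "bob")]
LEAKED = Caller("alice", "bearer", token_id="tok_ci")
SESSION = Caller("alice", "session")

if __name__ == "__main__":
    print(reach(LEAKED, TOKENS))     # the leaked token can only retire itself
    print(reach(SESSION, TOKENS))    # the session can mint and revoke alice's tokens
```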