This API supports a flexible authentication system while enabling a fully RESTful and granular experience. It accommodates a wide range of user states — from public guests to fully registered users — with clear progression paths, robust access control, and stateless interactions designed for modern, token-based applications.
To explore the full API documentation, visit the interactive Swagger docs:
All API requests must include a valid Client Token in the Authorization header. This token identifies the calling application and grants access to the API.
To generate a client token, visit the developer console:
The User Token identifies the current user or session and is required for all user-level interactions.
x-user-token header on all requests.Refresh your tokens by sending:
x-refresh-token to POST /v2/auth/refresh
On every request, the API will return a usr object that reflects the token state on request. This helps client applications validate session context without needing to inspect or decode the token manually.please note if your request modifys the token the usr object reflects the state prior to any change.
No user token is present. To begin, request an anonymous token.
POST /v2/auth/anon/token
You are using a guest token. You can either register a new user or request a login code to link to an existing account.
POST /v2/usersPOST /v2/auth/request
Your account is created but not yet verified. Use the email + code to complete login.
POST /v2/auth/token
Your token has expired. Refresh it using your refresh token.
POST /v2/auth/refresh
Your user account is fully validated and active. You can access the full API.
GET /v2/users/:id
Your account is suspended. You may still access your profile but most actions are restricted.
GET /v2/users/:id