Skip to content

API: Auth

Sign in and manage tokens. All endpoints require authentication unless noted. 18 endpoints.

Request a password reset email

Request body (JSON)

Field Type Required Description
email string yes

Responses: 200 · 400 · 401 · 404

User login

Request body (JSON)

Field Type Required Description
email string yes
password string yes

Responses: 200 · 400 · 401 · 404

Logout (revoke refresh token)

Request body (JSON)

Field Type Required Description
refreshToken string no

Responses: 204 — No content · 401 · 404

Get current user profile

Responses: 200 · 400 · 401 · 404

Complete an MFA-gated login with a TOTP code

Request body (JSON)

Field Type Required Description
mfaToken string yes
code string yes

Responses: 200

Disable MFA (requires a valid current code)

Request body (JSON)

Field Type Required Description
code string yes

Responses: 200

Enable MFA after verifying a TOTP code

Request body (JSON)

Field Type Required Description
code string yes

Responses: 200

Begin TOTP enrollment (returns secret + otpauth URI)

Responses: 200

Whether TOTP MFA is enabled for the caller

Responses: 200

Refresh access token

Request body (JSON)

Field Type Required Description
refreshToken string no

Responses: 200 · 400 · 401 · 404

Register a new user (requires authentication)

Request body (JSON)

Field Type Required Description
email string yes
name string yes
password string yes
companyId string yes

Responses: 201 · 400 · 401 · 409

Reset password using a reset token

Request body (JSON)

Field Type Required Description
token string yes
password string yes

Responses: 200 · 400 · 401 · 404

Redirect to the organization’s identity provider

Path parameters

Name Type Required Description
slug string yes

Responses: 200

OIDC callback — completes the SSO login

Responses: 200

The company’s SSO configuration (secret redacted)

Responses: 200

Create or update the company’s OIDC SSO configuration

Request body (JSON)

Field Type Required Description
issuerUrl string yes
clientId string yes
clientSecret string no
allowedDomains array of string no
autoProvision boolean no
isEnabled boolean no

Responses: 200

Remove the company’s SSO configuration

Responses: 200

Whether SSO is available for an email (returns the org slug)

Query parameters

Name Type Required Description
email string yes

Responses: 200