Auth
How the dashboard signs you in, plus session logout and the current-user endpoint.
Beta — rolling out now. The dashboard and its control-plane API are in active rollout. The contract documented here is stable, but availability may vary by deployment.
All routes are under /api/v1. Requests and responses are JSON; timestamps are ISO-8601 UTC.
Errors take the form { "error": { "code": "…", "message": "…" } } with a matching HTTP status.
Signing in
You create an account and sign in from the dashboard web UI — there is no public signup or
login API to call yourself. When you sign in, the dashboard authenticates you (internally, via a
rate-limited POST /auth/login) and manages the resulting session token on your behalf. That
token is what authorizes the control-plane endpoints below, along with
API Keys and
Transactions & Stats.
To submit transactions you don't need a session token at all — you need an API key, which
you mint in the dashboard and pass as X-API-Key. See
Authentication.
POST /auth/logout
Revoke the current session. Requires Authorization: Bearer <token>.
Response — 204 No Content (empty body)
GET /me
Return the authenticated account. Requires Authorization: Bearer <token>.
Response — 200 OK
{ "id": "…", "email": "[email protected]", "created_at": "2026-07-05T18:00:00Z" }A missing, invalid, or expired token returns 401 unauthorized.