Authentication API

Endpoints

  • POST /api/auth/register
  • POST /api/auth/login
  • POST /api/auth/logout
  • POST /api/auth/token/refresh
  • GET /api/auth/me
  • GET /api/auth/oauth/{provider}/start
  • GET /api/auth/oauth/{provider}/callback

Register

```bash
curl -s -X POST http://127.0.0.1:3000/api/auth/register \
  -H 'Content-Type: application/json' \
  -d '{"email":"dev@example.com","password":"secret"}'
```

Login

```bash
curl -i -s -X POST http://127.0.0.1:3000/api/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"email":"dev@example.com","password":"secret"}'
```

The login response includes tokens and sets the zeptoz_session cookie.
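
One way to check which hardening attributes the session cookie carries in the `curl -i` output above. This is an added example, not part of the project's code or documentation; the function name `session_cookie_missing_flags` and the sample headers are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not project code): audit the zeptoz_session cookie set at login.

# Reads raw HTTP response headers (e.g. `curl -i` output) on stdin.
# Prints the hardening attributes missing from the zeptoz_session cookie,
# space-separated (an empty line means none are missing).
# Returns 2 when the response sets no zeptoz_session cookie.
session_cookie_missing_flags() {
  local line lower attrs missing=""
  # First Set-Cookie header for zeptoz_session; header names are case-insensitive.
  line=$(tr -d '\r' | grep -i '^set-cookie:[[:space:]]*zeptoz_session=' | head -n 1)
  [ -n "$line" ] || return 2
  lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]' | tr -d ' \t')
  # Keep only what follows the first ';' so the cookie value cannot pose as an attribute.
  case "$lower" in
    *\;*) attrs=";${lower#*;};" ;;
    *)    attrs="" ;;
  esac
  case "$attrs" in *";httponly;"*) ;; *) missing="$missing HttpOnly" ;; esac
  case "$attrs" in *";secure;"*)   ;; *) missing="$missing Secure" ;; esac
  case "$attrs" in *";samesite="*) ;; *) missing="$missing SameSite" ;; esac
  printf '%s\n' "${missing# }"
}

# Constructed sample response headers (not captured from a real server).
SAMPLE_LOGIN_HEADERS='HTTP/1.1 200 OK
Content-Type: application/json
Set-Cookie: zeptoz_session=constructed-value; Path=/; HttpOnly; SameSite=Lax
'

printf 'sample: missing attributes: %s\n' \
  "$(printf '%s' "$SAMPLE_LOGIN_HEADERS" | session_cookie_missing_flags)"

# Against a running instance (same request as the Login section):
#   curl -i -s -X POST http://127.0.0.1:3000/api/auth/login \
#     -H 'Content-Type: application/json' \
#     -d '{"email":"dev@example.com","password":"secret"}' | session_cookie_missing_flags
```

Run the check against each environment separately, since cookie attributes can differ between a local HTTP instance and an HTTPS deployment.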

Identity and sessions

Collection and file routes require a valid authenticated user via:

  • Authorization: Bearer <access_token>, or
  • zeptoz_session cookie.

Authorization (RBAC + Access Policies) is documented in Authorization.