Skip to main content
Use these endpoints to exchange credentials for a session and log out. For SSO login redirects (Google/Microsoft) and integration OAuth, see OpenID & OAuth.

Account creation

Use POST /api/v1/auth/register to create a new credentials-based account. To use that account in Workspace, complete one of these operations:
  • Create a workspace user with the account ID in Users - Create a user.
  • Join directly to an organization through POST /api/v1/account/organization/{orgId}/join.

Log in with credentials

Successful login creates an account session. When LDAP is enabled, the server first tries LDAP authentication and then falls back to local credentials.

Log out

Manage API tokens

Use these endpoints to manage API tokens for the authenticated account. Token secrets are returned only when a token is created; after that, list responses include metadata and the token hash.

List tokens

Create a token

Copy the token value immediately. It is returned only once and cannot be recovered later.

Delete a token

Delete uses the stored token hash, not the clear token secret.

Errors and edge cases

  • 401/403: missing or invalid API token.
  • 429: too many login attempts.
  • 400: register payload missing required account roles, email, or password.