Authenticate

POST /v1/auth/authenticate

Exchanges an API key for a JWT access token and a refresh token.

No Authorization Required

This endpoint does not require a Bearer token. It is used to obtain one.

Headers

Header	Required	Value
`Content-Type`	Yes	`application/json`
`X-Target-Server`	Yes	`authentication`

Request Body

Field	Type	Required	Description
`api_key`	string	Yes	The full API key string

{
  "api_key": "sk-rqc-oat01-e5f6-7890-abcd..."
}

Response

200 OK

Returns the access token, refresh token, and expiration time.

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2025-01-01T01:00:00Z",
  "created_at": "2025-01-01T00:00:00Z"
}

Field	Type	Description
`token`	string	JWT access token (valid for 1 hour)
`refresh_token`	string	Refresh token (valid for 24 hours)
`expires_at`	string (ISO 8601)	Access token expiration time
`created_at`	string (ISO 8601)	Token creation time

400 Bad Request

API key is missing or invalid format.

{
  "code": 0,
  "domain": 0,
  "message": "api_key is required"
}

404 Not Found

API key not found, hash mismatch, expired, or inactive.

{
  "code": 0,
  "domain": 0,
  "message": "api key not found"
}

500 Internal Server Error

{
  "code": 0,
  "domain": 0,
  "message": "internal server error"
}

Headers​

Request Body​

Response​

200 OK​

400 Bad Request​

404 Not Found​

500 Internal Server Error​