Authentication

Console auth uses bearer tokens. API keys are manual integration credentials.

The frontend no longer generates API keys during login. Product surfaces authenticate with the bearer token. Create an API key only when an external service needs a stable credential.

POST /api/v1/auth/login
{
  "email": "founder@company.com",
  "password": "ChangeMe123!"
}

Create integration API key

POST /api/v1/auth/api_keys
Authorization: Bearer <access_token>

{
  "name": "production-ingestion",
  "rate_limit_per_minute": 1000
}

Only one active company API key is allowed at a time. Revoke the current one before creating another.

Getting Started Admin Portal