Authentication

All API endpoints (except registration and login) require a JWT bearer token in the Authorization header.

Base URL

https://api.cookieboss.io/api/v1

Authentication header

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Tokens are valid for 7 days. After expiry, you’ll receive a 401 response and need to log in again.

Endpoints

POST /api/v1/auth/register Create a new account

Creates a new customer account. The company field is optional. Returns a JWT token immediately — no email verification required.

Request Body

{
  "email": "[email protected]",
  "password": "securepassword123",
  "name": "Jane Developer",
  "company": "Acme Inc"
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "customer": {
    "id": "01HXYZ...",
    "email": "[email protected]",
    "name": "Jane Developer",
    "company": "Acme Inc",
    "plan": "free"
  }
}

POST /api/v1/auth/login Log in and get a token

Returns a JWT token and the customer profile. Invalid credentials return 401.

Request Body

{
  "email": "[email protected]",
  "password": "securepassword123"
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "customer": {
    "id": "01HXYZ...",
    "email": "[email protected]",
    "name": "Jane Developer",
    "company": "Acme Inc",
    "plan": "starter"
  }
}

Error responses

All error responses follow this shape:

{
  "error": "unauthorized",
  "message": "Invalid credentials"
}

Status  Error code        Meaning
400     validation_error  Invalid request body
401     unauthorized      Invalid or expired token
409     conflict          Email already registered
429     (rate limit)      Too many requests

Rate limiting

Registration is limited to 5 requests per IP per hour. Login is limited to 10 requests per IP per minute. Exceeding these limits returns a 429 status.

Example: cURL

# Register
curl -X POST https://api.cookieboss.io/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"secure123","name":"Jane"}'

# Login
curl -X POST https://api.cookieboss.io/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"[email protected]","password":"secure123"}'

# Use the token
curl https://api.cookieboss.io/api/v1/sites \
-H "Authorization: Bearer YOUR_TOKEN_HERE"
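A small client that puts the rules above together, written here as an added example rather than CookieBoss code: it logs in, caches the token, renews it when the JWT's exp claim is about to lapse, re-logs in once when the server answers 401, and stops on 429 instead of retrying into the rate limit. The transport callable and the fake_api stand-in are constructed so the block runs offline; the token payload shape and any response fields beyond those documented above are assumptions.

```python
import base64, json, time

BASE_URL = "https://api.cookieboss.io/api/v1"

def jwt_exp(token):
    # Read exp from the unverified payload: a scheduling hint only, the server decides validity.
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)                  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")
class Client:
    # transport(method, url, headers, body) -> (status, json_dict); injected so the demo runs offline.
    def __init__(self, email, password, transport, now=time.time):
        self.email, self.password, self.transport, self.now = email, password, transport, now
        self.token, self.logins = None, 0
    def login(self):
        status, body = self.transport("POST", f"{BASE_URL}/auth/login", {},
                                      {"email": self.email, "password": self.password})
        if status != 200:                                 # e.g. 401 {"error": "unauthorized", ...}
            raise PermissionError(f"{body['error']}: {body['message']}")
        self.token, self.logins = body["token"], self.logins + 1
        return body["customer"]
    def _send(self, method, path, body):
        headers = {"Authorization": f"Bearer {self.token}"}
        return self.transport(method, f"{BASE_URL}{path}", headers, body)
    def request(self, method, path, body=None):
        exp = jwt_exp(self.token) if self.token else None
        if exp is None or exp - self.now() < 60:          # renew before the 7-day token lapses
            self.login()
        status, resp = self._send(method, path, body)
        if status == 401:                                 # token rejected anyway: re-login, retry once
            self.login()
            status, resp = self._send(method, path, body)
        if status == 429:
            raise RuntimeError("rate limited: back off before retrying")
        return status, resp

def fake_api(exp, password="securepassword123"):
    # Constructed stand-in for the API (offline demo only): login issues a token carrying exp,
    # every other path requires exactly that token. Payload is real-shaped, signature is a dummy.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    token = f"{enc({'alg': 'HS256'})}.{enc({'exp': exp})}.sig"
    def transport(method, url, headers, body):
        if url.endswith("/auth/login"):
            if (body or {}).get("password") != password:
                return 401, {"error": "unauthorized", "message": "Invalid credentials"}
            return 200, {"token": token, "customer": {"plan": "free"}}
        if headers.get("Authorization") != f"Bearer {token}":
            return 401, {"error": "unauthorized", "message": "Invalid or expired token"}
        return 200, {"sites": []}
    return transport
```

To run against the real service, replace fake_api with a transport built on an HTTP library that returns (status, parsed JSON); the retry-once-on-401 rule keeps a revoked token from looping, and the 429 stop respects the per-IP login limit.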