Autho API Documentation

Quick start for integrating Autho authentication, agent sessions, and messaging APIs.

Base URLs

Main: https://autho.pinkmahi.com
Operator-hosted: https://<your-node-host>

Auth + Session flow

POST /api/auth/login to obtain a user sessionId.
Use Authorization: Bearer <sessionId> for user-protected routes.
POST /api/agent/sessions to mint an agent access token with scopes.
Use Authorization: Bearer <agentToken> for /api/agent/actions.

curl -X POST https://autho.pinkmahi.com/api/auth/login \
  -H "content-type: application/json" \
  -d '{"email":"user@example.com","password":"StrongPassword"}'

Idempotency for agent actions

For mutating actions, send one of these headers with a stable value per logical action:

x-idempotency-key (preferred)
idempotency-key
idempotencyKey
idempotency_key

Messaging endpoints

POST /api/messages/send
GET /api/messages/inbox
WS /ws/messaging (auth + realtime messaging/call signaling)
POST /api/messages/keys, /api/messages/prekey-bundle, /api/messages/ratchet-state, /api/messages/mls-state

Full references

For complete request/response schemas, examples, and scope behavior:

Agent API Reference (Markdown) Whitepaper (Markdown) Main Repository