Skip to main content

Authorization

Overview

Manage user authentication, establish sessions, and control API access. Handle multi-step identity verification, maintain active sessions, and provide information about current permissions and tenant contexts.

Primary Concepts

  • Session: the signed-in context for a user or client that tracks identity, permissions, and active state.
  • Authentication: the process of verifying a user's identity through multi-step flows, typically starting with a username and completing with verification codes sent to trusted devices.
  • Verification: confirmation steps like one-time codes delivered via email or other trusted factors to prove identity before establishing a session.
  • Token: the credential used to authenticate API requests after successful login, often refreshable to maintain long-running sessions.
  • Context: the tenant or organizational scope that determines which resources and permissions are available in the current session, supporting multi-tenant scenarios where users may access multiple environments.
  • Logout: ending an active session to revoke access and clear authentication state.

Typical Scenarios

Start authentication by submitting a username, complete the verification step with a code from a trusted device, establish a session with tokens, and retrieve current session information including permissions and tenant context. Switch between available contexts when you have access to multiple tenants, and end sessions when authentication is no longer needed.

API Versioning

  • Only the latest version of each endpoint is displayed in this documentation.
  • Older versions are not shown but remain available in the API.
  • Always use the latest version shown when building or updating integrations.