Authentication
Waypath supports two authentication methods: JWT tokens for dashboard users and API keys for external consumers.
JWT Authentication
Register
POST /api/auth/register
Content-Type: application/json
{
"email": "user@example.com",
"password": "your-password",
"name": "Your Name"
}Returns a JWT token (7-day expiry) and user object. A workspace is automatically created.
Login
POST /api/auth/login
Content-Type: application/json
{
"email": "user@example.com",
"password": "your-password"
}Returns a JWT token and user object.
Verify session
GET /api/auth/session
Authorization: Bearer <jwt-token>Returns the current user object if the token is valid.
API Key Authentication
API keys use the dsk_ prefix and are scoped to a workspace.
Create an API key
POST /api/keys
Authorization: Bearer <jwt-token>
Content-Type: application/json
{
"name": "My Integration"
}Returns the API key. Store it securely, it cannot be retrieved again.
Use an API key
GET /api/v1/customers
X-API-Key: dsk_your_key_hereList API keys
GET /api/keys
Authorization: Bearer <jwt-token>Revoke an API key
DELETE /api/keys/:id
Authorization: Bearer <jwt-token>Auth priority
The server checks authentication in this order:
Authorization: Bearer <jwt>headerX-API-Keyheader- If neither is present, returns
401 Unauthorized