Authentication
Waypath supports two authentication methods: JWT tokens for dashboard users and API keys for external consumers.
01 JWT Authentication
Register
POST /api/auth/register
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password",
  "name": "Your Name"
}
Returns a JWT token (7-day expiry) and user object. A workspace is automatically created.
Login
POST /api/auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "your-password"
}
Returns a JWT token and user object.
Verify session
GET /api/auth/session
Authorization: Bearer <jwt-token>
Returns the current user object if the token is valid.
02 API Key Authentication
API keys use the wp_live_ prefix and are scoped to a workspace.
Create an API key
POST /api/keys
Authorization: Bearer <jwt-token>
Content-Type: application/json

{
  "name": "My Integration"
}
Returns the API key. Store it securely; it cannot be retrieved again.
Use an API key
GET /v1/customers
X-API-Key: wp_live_your_key_here
List API keys
GET /api/keys
Authorization: Bearer <jwt-token>
Revoke an API key
DELETE /api/keys/:id
Authorization: Bearer <jwt-token>
03 Auth priority
The server checks authentication in this order:
- Authorization: Bearer <jwt> header
- X-API-Key header
- If neither is present, returns 401 Unauthorized
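
The check order above can be written as a small resolver that also shows the edge cases worth testing: both headers present, a malformed Authorization header, and a key without the wp_live_ prefix. This is an added example, not Waypath's own code; the function names, the hashed key store, the verify_jwt callback, and the choice to reject a bad Bearer token without falling back to X-API-Key are assumptions.

```python
import hashlib
import hmac

API_KEY_PREFIX = "wp_live_"  # prefix documented on this page


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()


# Constructed sample data. Assumption: only a hash of each key is stored,
# which is one way a key "cannot be retrieved again" after creation.
KEY_STORE = {_digest("wp_live_constructed_sample_key"): "ws_demo"}


def check_api_key(key):
    """Return the workspace id the key is scoped to, or None."""
    if not key.startswith(API_KEY_PREFIX):
        return None
    candidate = _digest(key)
    for stored, workspace in KEY_STORE.items():
        # Constant-time comparison of the hex digests.
        if hmac.compare_digest(stored, candidate):
            return workspace
    return None


def authenticate(headers, verify_jwt):
    """Resolve credentials in the documented order.

    verify_jwt is a hypothetical callback: token -> user id, or None.
    Returns (status, principal).
    """
    # HTTP header names are case-insensitive.
    h = {name.lower(): value.strip() for name, value in headers.items()}

    auth = h.get("authorization")
    if auth is not None:  # 1. Authorization: Bearer <jwt>
        scheme, _, token = auth.partition(" ")
        user = verify_jwt(token.strip()) if scheme.lower() == "bearer" else None
        # Assumption: fail closed. A bad JWT does not fall back to X-API-Key.
        return (200, {"type": "user", "id": user}) if user else (401, None)

    key = h.get("x-api-key")
    if key is not None:  # 2. X-API-Key
        workspace = check_api_key(key)
        return (200, {"type": "workspace", "id": workspace}) if workspace else (401, None)

    return 401, None  # 3. neither header present
```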