Skip to main content

Auth endpoints

All auth endpoints are under /v1/auth and do not require a Bearer token.

POST /v1/auth/session

Create a session and receive an access token (JWT). Use this token as Authorization: Bearer <accessToken> for protected endpoints.

Body (local):

{
  "provider": "local",
  "email": "you@example.com",
  "password": "your-password",
  "workspaceId": "optional-workspace-id"
}

Body (OAuth):

{
  "provider": "google",
  "idToken": "<id-token-from-oauth-flow>",
  "workspaceId": "optional-workspace-id"
}

Use "provider": "microsoft" for Microsoft. workspaceId is optional; if omitted, the response may include workspace info for the user’s workspaces.

Response (200):

{
  "accessToken": "eyJ...",
  "user": { "id": "...", "email": "..." },
  "workspace": { "id": "...", "name": "..." }
}

Example (local):

curl -X POST https://api.inboxops.app/v1/auth/session \
  -H "Content-Type: application/json" \
  -d '{"provider":"local","email":"you@example.com","password":"your-password"}'

POST /v1/auth/register

Register a new account with email and password.

Body: { "email": "you@example.com", "password": "your-password" }

Response (201): Registration result (e.g. success message or user id). If email verification is required, the user must verify before logging in.

Example:

curl -X POST https://api.inboxops.app/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com","password":"your-password"}'

POST /v1/auth/accept-invite

Accept a workspace invitation (token from invite email) and set password.

Body: { "token": "<invite-token>", "email": "you@example.com", "password": "new-password" }

Response (200): Session or success. May return an access token so the user is logged in after accepting.

Example:

curl -X POST https://api.inboxops.app/v1/auth/accept-invite \
  -H "Content-Type: application/json" \
  -d '{"token":"invite-token","email":"you@example.com","password":"new-password"}'

POST /v1/auth/verify-email

Verify email address using the token sent by email.

Body: { "token": "<verification-token>" }

Response (200): Success. User can then log in.

Example:

curl -X POST https://api.inboxops.app/v1/auth/verify-email \
  -H "Content-Type: application/json" \
  -d '{"token":"verification-token"}'

POST /v1/auth/resend-verification

Resend the email verification message.

Body: { "email": "you@example.com" }

Response (200): {} or success message. Rate limiting may apply to prevent abuse.

Example:

curl -X POST https://api.inboxops.app/v1/auth/resend-verification \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com"}'