Authentication
PrivaBase uses JWT Bearer tokens for user authentication and API keys for server-to-server access.
Auth Methods
| Method | Header | Use Case |
|---|---|---|
| JWT Token | Authorization: Bearer <token> | User sessions, dashboard |
| API Key | X-API-Key: <key> | Server-to-server, automation |
Endpoints (14)
POST
/auth/signup
Create a new account. Also available at /auth/register.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address |
| password | string | Yes | Password (min 8 chars) |
| name | string | No | Display name |
curl -X POST https://api.privabase.com/api/v1/auth/signup \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "SecurePass123!"}'
Response
{
  "success": true,
  "data": {
    "token": "eyJhbGciOi...",
    "user": { "id": "uuid", "email": "user@example.com" }
  }
}
POST
/auth/login
Authenticate with email and password. Returns JWT token.
Request Body
| Field | Type | Required |
|---|---|---|
| email | string | Yes |
| password | string | Yes |
curl -X POST https://api.privabase.com/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{"email": "user@example.com", "password": "SecurePass123!"}'
POST
/auth/refresh
Refresh an expiring JWT token. Send the current token in the Authorization header.
curl -X POST https://api.privabase.com/api/v1/auth/refresh \
-H "Authorization: Bearer YOUR_TOKEN"
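The following Python example is added here and is not PrivaBase code: it decides when a client should call /auth/refresh by reading the token's `exp` claim. It assumes the token carries a standard `exp` claim and that an already-expired token must go back through /auth/login; the sample token and all function names are constructed for illustration.

```python
import base64
import json
import time

REFRESH_URL = "https://api.privabase.com/api/v1/auth/refresh"  # from the page


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(exp):
    """Constructed token for the demo; not a real PrivaBase token."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"sub": "uuid", "exp": exp}).encode())
    return f"{header}.{payload}.{_b64url(b'constructed-signature')}"


def jwt_exp(token):
    """Read `exp` from the payload. No signature check: for scheduling only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("token has no usable exp claim (assumed to be present)")
    return exp


def refresh_action(token, now=None, margin=300):
    """Return 'ok', 'refresh' (inside the margin) or 'login' (already expired)."""
    now = int(time.time()) if now is None else now
    remaining = jwt_exp(token) - now
    if remaining <= 0:
        return "login"  # assumption: an expired token cannot be refreshed
    return "refresh" if remaining <= margin else "ok"


def refresh_request(token):
    """Describe the POST to /auth/refresh; the token travels in the header only."""
    return {"method": "POST", "url": REFRESH_URL,
            "headers": {"Authorization": f"Bearer {token}"}}
```

The decoded payload is unverified input, so it is used here only to time the refresh call; the server remains the sole judge of whether the token is valid.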
POST
/auth/logout
Invalidate the current session token.
curl -X POST https://api.privabase.com/api/v1/auth/logout \
-H "Authorization: Bearer YOUR_TOKEN"
POST
/auth/forgot-password
Send a password reset email.
Request Body
{ "email": "user@example.com" }
POST
/auth/reset-password
Reset password using the token from the reset email.
Request Body
{ "token": "reset-token-from-email", "password": "NewSecurePass456!" }
GET
/auth/verify-email
Verify email address. Called via the link in the verification email.
Query Parameters
| Param | Description |
|---|---|
| token | Verification token from email |
POST
/auth/resend-verification 🔒
Resend the email verification link. Requires authentication.
GET
/auth/account 🔒
Get current account details.
curl https://api.privabase.com/api/v1/auth/account \
-H "Authorization: Bearer YOUR_TOKEN"
GET
/auth/usage 🔒
Get API usage statistics for the current account.
API Keys
API keys are for server-to-server access. They don't expire but can be revoked.
POST
/auth/api-keys 🔒
Create a new API key.
Request Body
{ "name": "Production Server" }
Response
{
  "success": true,
  "data": {
    "id": "key-uuid",
    "name": "Production Server",
    "key": "pb_live_abc123...",
    "createdAt": "2026-03-13T..."
  }
}
⚠️ Save your key
The full API key is only shown once at creation. Store it securely.
GET
/auth/api-keys 🔒
List all API keys for the current account.
DELETE
/auth/api-keys/:id 🔒
Revoke an API key.
curl -X DELETE https://api.privabase.com/api/v1/auth/api-keys/key-uuid \
-H "Authorization: Bearer YOUR_TOKEN"