Authentication

Every request to the SafeSites API must be authenticated with a bearer token. Tokens are scoped to a single user and inherit that user's permissions.

Creating a token

Tokens are issued via the /tokens endpoint after a successful login. Treat them like passwords: store them somewhere safe and never commit them to source control.

Sending the token

Include the token in the Authorization header on every request:

Authorization: Bearer <token>

Requests without a valid token will receive a 401 Unauthorized response.
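The following client-side sketch is an added example, not code from the SafeSites project. It reads the token from the environment instead of source code, attaches it as the Authorization header, and reports a 401 as an explicit authentication failure. The environment variable name SAFESITES_TOKEN, the HTTPS-only check and the AuthError class are assumptions made for this example.

```python
import os
import urllib.error
import urllib.parse
import urllib.request

# Assumption for this example: the variable name is not defined by the SafeSites docs.
TOKEN_ENV_VAR = "SAFESITES_TOKEN"


class AuthError(Exception):
    """Raised when the token is missing, malformed, or rejected with 401."""


def load_token(env=os.environ):
    """Read the token from the environment so it never lives in source control."""
    token = env.get(TOKEN_ENV_VAR, "").strip()
    if not token:
        raise AuthError(f"{TOKEN_ENV_VAR} is not set")
    # Whitespace or control characters inside the value could split the header.
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in token):
        raise AuthError("token contains whitespace or control characters")
    return token


def build_request(url, token):
    """Attach the bearer token; refuse plain HTTP so it is never sent in clear."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise AuthError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def send(request):
    """Send the request and turn a 401 into an explicit authentication error."""
    try:
        with urllib.request.urlopen(request, timeout=10) as resp:
            return resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise AuthError("401 Unauthorized: token missing or not valid") from err
        raise
```

Call `send(build_request(url, load_token()))` with the URL of the API resource you need; the URL is supplied by the caller because this page does not state the API's base address.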