Authentication¶

Endpoints for creating accounts, logging in, and ending sessions.

Create a new user account and tenant.

POST /v1/auth/signup

Authentication: None required

Scope: Public

Request¶

cURLPythonTypeScript

curl -X POST https://api.ipto.ai/v1/auth/signup \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "s3cur3P@ssw0rd!",
    "display_name": "Alice Chen",
    "tenant_name": "Acme Corp"
  }'

import requests

response = requests.post(
    "https://api.ipto.ai/v1/auth/signup",
    json={
        "email": "[email protected]",
        "password": "s3cur3P@ssw0rd!",
        "display_name": "Alice Chen",
        "tenant_name": "Acme Corp",
    },
)
data = response.json()

const response = await fetch("https://api.ipto.ai/v1/auth/signup", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "[email protected]",
    password: "s3cur3P@ssw0rd!",
    display_name: "Alice Chen",
    tenant_name: "Acme Corp",
  }),
});
const data = await response.json();

Request Body¶

Field	Type	Required	Description
`email`	`string`	Yes	The user's email address. Must be unique.
`password`	`string`	Yes	Password for the new account. Minimum 8 characters.
`display_name`	`string`	Yes	Display name shown in the UI.
`tenant_name`	`string`	Yes	Name of the new tenant (organization).

Response¶

{
  "data": {
    "user_id": "usr_a1b2c3d4e5f6",
    "tenant_id": "tnt_f6e5d4c3b2a1",
    "session_token": "sess_eyJhbGciOiJIUzI1NiIs...",
    "display_name": "Alice Chen",
    "email": "[email protected]"
  },
  "request_id": "req_abc123",
  "timestamp": "2026-04-05T10:00:00Z"
}

Response Fields¶

Field	Type	Description
`user_id`	`string`	Unique identifier for the created user.
`tenant_id`	`string`	Unique identifier for the created tenant.
`session_token`	`string`	Session token for authenticating subsequent requests.
`display_name`	`string`	The user's display name.
`email`	`string`	The user's email address.

First user is the tenant owner

The first user to sign up for a tenant is automatically assigned the owner role. Additional users can be invited later.

Log In¶

Authenticate with email and password to obtain a session token.

POST /v1/auth/login

Authentication: None required

Scope: Public

Request¶

cURLPythonTypeScript

curl -X POST https://api.ipto.ai/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "s3cur3P@ssw0rd!"
  }'

import requests

response = requests.post(
    "https://api.ipto.ai/v1/auth/login",
    json={
        "email": "[email protected]",
        "password": "s3cur3P@ssw0rd!",
    },
)
data = response.json()

const response = await fetch("https://api.ipto.ai/v1/auth/login", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    email: "[email protected]",
    password: "s3cur3P@ssw0rd!",
  }),
});
const data = await response.json();

Request Body¶

Field	Type	Required	Description
`email`	`string`	Yes	The user's email address.
`password`	`string`	Yes	The user's password.

Response¶

{
  "data": {
    "session_token": "sess_eyJhbGciOiJIUzI1NiIs...",
    "user_id": "usr_a1b2c3d4e5f6",
    "tenant_id": "tnt_f6e5d4c3b2a1",
    "display_name": "Alice Chen",
    "email": "[email protected]",
    "is_platform_admin": false
  },
  "request_id": "req_def456",
  "timestamp": "2026-04-05T10:01:00Z"
}

Response Fields¶

Field	Type	Description
`session_token`	`string`	Session token for authenticating subsequent requests.
`user_id`	`string`	Unique identifier for the authenticated user.
`tenant_id`	`string`	Unique identifier for the user's tenant.
`display_name`	`string`	The user's display name.
`email`	`string`	The user's email address.
`is_platform_admin`	`boolean`	Whether the user has platform-wide admin privileges.

Log Out¶

Invalidate the current session token.

POST /v1/auth/logout

Authentication: Authorization: Bearer {token}

Scope: Any authenticated session

Request¶

cURLPythonTypeScript

curl -X POST https://api.ipto.ai/v1/auth/logout \
  -H "Authorization: Bearer {token}"

import requests

response = requests.post(
    "https://api.ipto.ai/v1/auth/logout",
    headers={"Authorization": "Bearer {token}"},
)
data = response.json()

const response = await fetch("https://api.ipto.ai/v1/auth/logout", {
  method: "POST",
  headers: { Authorization: "Bearer {token}" },
});
const data = await response.json();

Parameters¶

No request body is required.

Response¶

{
  "data": {
    "success": true
  },
  "request_id": "req_ghi789",
  "timestamp": "2026-04-05T10:02:00Z"
}

Response Fields¶

Field	Type	Description
`success`	`boolean`	`true` if the session was successfully invalidated.

Token invalidation

After logout, the session token is permanently invalidated. Any subsequent requests using the same token will receive a 401 Unauthorized response.

Authentication¶

Sign Up¶

Request¶

Request Body¶

Response¶

Response Fields¶

Log In¶

Request¶

Request Body¶

Response¶

Response Fields¶

Log Out¶

Request¶

Parameters¶

Response¶

Response Fields¶