Authentication and Authorization
All API endpoints require authentication via session cookies or bearer tokens. Unauthenticated requests receive a 401 Unauthorized response.
Authentication Methods
- Session-based: Use /api/v1/session/login to establish a session
- Token-based: Include a bearer token in the Authorization header
Common HTTP Status Codes
- 200 OK: Request successful
- 201 Created: Resource created successfully
- 204 No Content: Request successful with no response body
- 400 Bad Request: Invalid request parameters
- 401 Unauthorized: Authentication required
- 403 Forbidden: Insufficient permissions
- 404 Not Found: Resource not found
- 500 Internal Server Error: Server-side error
Content Types
All API endpoints accept and return JSON data unless otherwise specified.
Request Headers:
Content-Type: application/json
Accept: application/json
Response Headers:
Content-Type: application/json; charset=utf-8
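
Example (added here, not part of the API's own documentation): a client-side helper that builds the token-based request headers described above and validates a response before parsing it. The function names, the action labels and the sample token are assumptions made for illustration.

```python
import json

class ApiError(Exception):
    def __init__(self, status, action):
        super().__init__(f"HTTP {status}: {action}")
        self.status, self.action = status, action

# Assumed client reactions to the error statuses listed on this page
# (the labels are illustrative, not part of the API).
ACTIONS = {400: "fix_request", 401: "reauthenticate", 403: "stop_no_retry",
           404: "not_found", 500: "retry_later"}

def build_headers(token):
    """Headers for a token-authenticated JSON request."""
    # Accept only printable ASCII without spaces, so a token loaded from a
    # file or environment variable cannot carry CR/LF into the header block.
    if not token or any(ord(c) < 0x21 or ord(c) > 0x7E for c in token):
        raise ValueError("bearer token is empty or has illegal characters")
    return {"Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
            "Accept": "application/json"}

def media_type(content_type):
    """Bare media type, lower-cased, with parameters such as charset dropped."""
    return (content_type or "").split(";", 1)[0].strip().lower()

def handle_response(status, content_type, body):
    """Return decoded JSON (None for 204) or raise ApiError with the next action."""
    if status in ACTIONS:
        raise ApiError(status, ACTIONS[status])
    if status == 204:
        return None
    if status not in (200, 201):
        raise ApiError(status, "unexpected_status")
    # Parse only bodies declared as JSON: an HTML login page or proxy error
    # page delivered with a 200 must not be consumed as API data.
    if media_type(content_type) != "application/json":
        raise ApiError(status, "unexpected_content_type")
    return json.loads(body.decode("utf-8"))

if __name__ == "__main__":
    # Constructed sample values, not real credentials or captured traffic.
    print(build_headers("EXAMPLE-TOKEN-123"))
    print(handle_response(200, "application/json; charset=utf-8", b'{"id": 7}'))
```

Treating 401 and 403 differently keeps a client from looping on re-authentication when the account simply lacks permission for the resource.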