Authentication
All API requests require authentication using either an API key or OAuth token.
API Key Authentication
Include your API key in the X-API-Key header:
curl -X GET "https://api.ofself.ai/api/v1/nodes" \
-H "X-API-Key: ofs_key_xxxxxxxxxxxxx" \
-H "X-User-ID: user-123"
User ID Header
When using API keys, you must specify the user with X-User-ID header. You can only access data for users who have authorized your app.
OAuth Authentication
Use the Authorization header with a Bearer token:
curl -X GET "https://api.ofself.ai/api/v1/nodes" \
-H "Authorization: Bearer ofs_access_xxxxxxxxxxxxx"
With OAuth tokens, the user is already identified - no X-User-ID needed.
Endpoints
POST /auth/register
Create a new user account.
curl -X POST "https://api.ofself.ai/api/v1/auth/register" \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "securepassword",
"username": "johndoe"
}'
Response:
{
"user": {
"id": "user_a1b2c3",
"email": "user@example.com",
"username": "johndoe"
},
"tokens": {
"access_token": "ofs_access_xxx",
"refresh_token": "ofs_refresh_xxx",
"expires_in": 3600
}
}
POST /auth/login
Authenticate and get tokens.
curl -X POST "https://api.ofself.ai/api/v1/auth/login" \
-H "Content-Type: application/json" \
-d '{
"email": "user@example.com",
"password": "securepassword"
}'
POST /auth/refresh
Refresh an access token.
curl -X POST "https://api.ofself.ai/api/v1/auth/refresh" \
-H "Content-Type: application/json" \
-d '{
"refresh_token": "ofs_refresh_xxxxxxxxxxxxx"
}'
GET /auth/me
Get current authenticated user.
curl -X GET "https://api.ofself.ai/api/v1/auth/me" \
-H "Authorization: Bearer ofs_access_xxxxxxxxxxxxx"
POST /auth/logout
Invalidate current tokens.
curl -X POST "https://api.ofself.ai/api/v1/auth/logout" \
-H "Authorization: Bearer ofs_access_xxxxxxxxxxxxx"
Error Responses
401 Unauthorized
{
"error": "Invalid API key",
"status_code": 401
}
403 Forbidden
{
"error": "User has not authorized this app",
"status_code": 403
}