Authentication

All API requests to TheWARDN require authentication via a Bearer token.

Base URL

https://api.thewardn.ai

Authentication Methods

API Key (Bearer Token)

Include your API key in the Authorization header:

```bash
curl -H "Authorization: Bearer wdn_live_YOUR_KEY_HERE" \
  https://api.thewardn.ai/health
```

Session Token (Console)

The console uses Supabase Auth for session-based authentication. After login, a JWT access token is stored and sent with each request. Token refresh is handled automatically.
Getting Your API Key
- Log in to console.thewardn.ai
- Navigate to Settings
- Find your API key in the API Configuration section
- Click Copy to copy it to clipboard
Security
- Never expose your API key in client-side code
- Use environment variables or secrets managers
- Rotate your key immediately if compromised (Settings > Regenerate Key)
Authentication Endpoints

Login

POST /auth/login

Authenticate with email and password. Returns JWT tokens.

Request:

```json
{
  "email": "user@example.com",
  "password": "your-password"
}
```

Response:

```json
{
  "access_token": "eyJ...",
  "refresh_token": "abc...",
  "user": {
    "id": "usr_...",
    "email": "user@example.com",
    "role": "ARCHITECT"
  },
  "tenant": {
    "id": "tnt_...",
    "name": "My Organization",
    "tier": "business"
  }
}
```

Signup

POST /auth/signup

Create a new account.

Request:

```json
{
  "email": "user@example.com",
  "password": "secure-password-here",
  "org_name": "My Organization"
}
```

Refresh Token

POST /auth/refresh

Refresh an expired access token.

Request:

```json
{
  "refresh_token": "abc..."
}
```

Logout

POST /auth/logout

Invalidate the current session.

Reset Password

POST /auth/reset-password

Send a password reset email.

Request:

```json
{
  "email": "user@example.com"
}
```

Rate Limits
| Endpoint | Limit |
|---|---|
| Auth endpoints | 10 requests/minute |
| API endpoints | Based on tier (see below) |

| Tier | Burst Rate | Per-Minute | Per-Hour |
|---|---|---|---|
| Free | 5/sec | 30/min | 100/hr |
| Startup | 10/sec | 60/min | 1,000/hr |
| Business | 20/sec | 120/min | 5,000/hr |
| Enterprise | Custom | Custom | Custom |
Error Responses

All errors follow a consistent format:

```json
{
  "detail": "Human-readable error message"
}
```

| Status Code | Meaning |
|---|---|
| 401 | Missing or invalid Authorization header |
| 403 | Insufficient permissions (wrong role or tier) |
| 404 | Resource not found |
| 422 | Validation error (check request body) |
| 429 | Rate limit exceeded |
| 500 | Internal server error |
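A small client helper, added here as an example and not part of TheWARDN's own SDK or documentation, that ties together the Bearer header from the API Key section, the `{"detail": ...}` error format above, and the console refresh flow from `POST /auth/refresh`. The `transport` callable is an assumed stand-in for an HTTP library, and `WardnError` plus the refresh-once policy are this example's choices, not the gateway's.

```python
import json
from typing import Callable, Optional

API_BASE = "https://api.thewardn.ai"
# transport(method, url, headers, json_body) -> (status_code, response_text);
# injected so the flow runs without network access (use requests/httpx in production).
Transport = Callable[[str, str, dict, Optional[dict]], tuple]

class WardnError(Exception):
    """Any non-2xx reply; carries the status and the documented 'detail' text."""
    def __init__(self, status: int, detail: str):
        super().__init__(f"{status}: {detail}")
        self.status, self.detail = status, detail

def bearer_header(token: str) -> dict:
    """Authorization header; an empty token fails here, not as a 401 at the gateway."""
    if not token or not token.strip():
        raise ValueError("empty bearer token (read it from an env var or secrets manager)")
    return {"Authorization": f"Bearer {token.strip()}"}

def parse_reply(status: int, body: str) -> dict:
    """2xx -> JSON payload; otherwise raise WardnError from the {"detail": ...} format."""
    if 200 <= status < 300:
        return json.loads(body) if body else {}
    try:
        detail = json.loads(body).get("detail", body)
    except (ValueError, AttributeError):
        detail = body  # non-JSON error body: keep the raw text
    raise WardnError(status, detail)

def refresh_session(session: dict, transport: Transport) -> dict:
    """Console-style session: trade refresh_token for new tokens, updating in place."""
    status, body = transport("POST", f"{API_BASE}/auth/refresh", {},
                             {"refresh_token": session["refresh_token"]})
    session.update(parse_reply(status, body))
    return session

def get_with_session(path: str, session: dict, transport: Transport) -> dict:
    """GET with the session access_token; on 401 refresh once and retry.
    A second 401 propagates, so a revoked session cannot cause a retry loop."""
    for attempt in (1, 2):
        headers = bearer_header(session["access_token"])
        status, body = transport("GET", f"{API_BASE}{path}", headers, None)
        if status == 401 and attempt == 1:
            refresh_session(session, transport)
            continue
        return parse_reply(status, body)
```

For API-key callers there is no refresh step: a 401 means the key is missing or invalid and the fix is to regenerate it in Settings, not to retry.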
Health Check

GET /health

No authentication required. Returns gateway status.

```json
{
  "status": "ok",
  "service": "wardn-gateway",
  "version": "1.0.0",
  "timestamp": "2026-04-10T20:14:39Z",
  "checks": {
    "gateway": "ok",
    "database": "ok"
  }
}
```