← Back to Docs
Authentication
Two ways to authenticate with the notfs API.
JWT Bearer Token
Login or register returns a JWT token valid for 7 days. Use it in the Authorization header.
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
// Register
curl -X POST https://api.notfs.dev/api/auth/register \
-H "Content-Type: application/json" \
-d '{"email":"you@example.com","password":"min8chars","name":"You"}'// Login
curl -X POST https://api.notfs.dev/api/auth/login \
-H "Content-Type: application/json" \
-d '{"email":"you@example.com","password":"min8chars"}'API Key
For programmatic access (CI/CD, scripts, servers), use an API key. Keys have scoped permissions and optional expiration.
X-API-Key: ntfs_your_key_here
Create keys via POST /api/keys or from the iOS app under Settings > API Keys.
When to Use What
| Method | Best For | Expiry |
|---|---|---|
| JWT Token | iOS app, dashboard, short-lived sessions | 7 days |
| API Key | CI/CD, scripts, servers, long-lived access | Configurable or never |
Errors
If authentication fails, you'll get a 401 response:
{
"error": "Invalid or expired token",
"code": "UNAUTHORIZED"
}