Authentication

Users authenticate via Discord OAuth. The API returns a JWT stored in localStorage and a session cookie. Include it on all authenticated requests.

Authorization: Bearer <jwt>

GET /api/v1/auth/me
→ { id, username, discordId, subscriptionPlan, ... }

Enterprise customers receive scoped API keys for the /enterprise/v1 routes. Keys are managed from Dashboard → Enterprise with permission boundaries.

JWT sessions last 30 days by default. Re-authenticate via Discord if you receive 401 Unauthorized responses.