Authentication

Nani supports two authentication modes:

  • Console usersPOST /v1/console/login → Bearer JWT for the customer dashboard.
  • API integrationsx-api-key header on server-to-server requests.

Console login

POST
/v1/console/login
curl -X POST http://localhost:3002/v1/console/login \ -H "Content-Type: application/json" \ -d '{ "email": "admin@dev.local", "password": "devpassword123" }'

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "user": {
    "user_id": "usr_01",
    "email": "admin@dev.local",
    "role": "tenant_admin",
    "tenant_id": "ten_01"
  },
  "capabilities": ["sessions:create", "sessions:read"],
  "default_path": "/dashboard"
}

The response includes access_token, role, capabilities, and default_path.

Current user

GET
/v1/me
curl http://localhost:3002/v1/me \ -H "Authorization: Bearer <token>"

Response

{
  "user": {
    "user_id": "usr_01",
    "email": "admin@dev.local",
    "role": "tenant_admin",
    "tenant_id": "ten_01"
  },
  "tenant": {
    "tenant_id": "ten_01",
    "name": "Acme Ltd",
    "status": "active"
  },
  "capabilities": ["sessions:create", "sessions:read"],
  "default_path": "/dashboard"
}

Use capabilities to show or hide console features.

API keys

Server-to-server requests use the x-api-key header:

cURL

curl http://localhost:3002/v1/sessions \
  -H "x-api-key: sk_sandbox_YOUR_KEY"

Never expose sandbox or production keys in client-side code.

Was this page helpful?