Authentication
Nani supports two authentication modes:
- Console users —
POST /v1/console/login→ Bearer JWT for the customer dashboard. - API integrations —
x-api-keyheader on server-to-server requests.
Console login
POST
/v1/console/logincurl -X POST http://localhost:3002/v1/console/login \ -H "Content-Type: application/json" \ -d '{ "email": "admin@dev.local", "password": "devpassword123" }'
Response
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 3600,
"user": {
"user_id": "usr_01",
"email": "admin@dev.local",
"role": "tenant_admin",
"tenant_id": "ten_01"
},
"capabilities": ["sessions:create", "sessions:read"],
"default_path": "/dashboard"
}
The response includes access_token, role, capabilities, and default_path.
Current user
GET
/v1/mecurl http://localhost:3002/v1/me \ -H "Authorization: Bearer <token>"
Response
{
"user": {
"user_id": "usr_01",
"email": "admin@dev.local",
"role": "tenant_admin",
"tenant_id": "ten_01"
},
"tenant": {
"tenant_id": "ten_01",
"name": "Acme Ltd",
"status": "active"
},
"capabilities": ["sessions:create", "sessions:read"],
"default_path": "/dashboard"
}
Use capabilities to show or hide console features.
API keys
Server-to-server requests use the x-api-key header:
cURL
curl http://localhost:3002/v1/sessions \
-H "x-api-key: sk_sandbox_YOUR_KEY"
Never expose sandbox or production keys in client-side code.