Skip to content
Soup

Authentication

The Soup API uses Bearer token authentication.

Getting a Token

Section titled “Getting a Token”

Self-Hosted (Local Password)

Section titled “Self-Hosted (Local Password)”

Check Setup Status

Section titled “Check Setup Status”
Terminal window
GET /api/v1/auth/setup

Response:

{
  "data": {
    "is_setup": false
  }
}

Initial Setup

Section titled “Initial Setup”

Only works once, when is_setup is false:

Terminal window
POST /api/v1/auth/setup
Content-Type: application/json


{
  "password": "your-secure-password"
}

Response:

{
  "data": {
    "token": "abc123...",
    "user": {
      "id": "user_abc123",
      "email": "admin@localhost",
      "name": "Admin"
    }
  }
}

Login

Section titled “Login”
Terminal window
POST /api/v1/auth/login
Content-Type: application/json


{
  "password": "your-password"
}

Response:

{
  "data": {
    "token": "abc123...",
    "user": {
      "id": "user_abc123",
      "email": "admin@localhost",
      "name": "Admin"
    }
  }
}

Change Password

Section titled “Change Password”

Requires authentication.

Terminal window
POST /api/v1/auth/change-password
Authorization: Bearer <token>
Content-Type: application/json


{
  "current_password": "old-password",
  "new_password": "new-password"
}

Response: 204 No Content

Section titled “Cloud (Magic Link)”

Request Code

Section titled “Request Code”
Terminal window
POST /api/v1/auth/request-code
Content-Type: application/json


{
  "email": "user@example.com"
}

Response:

{
  "data": {
    "message": "Code sent to your email"
  }
}

Verify Code

Section titled “Verify Code”
Terminal window
POST /api/v1/auth/verify-code
Content-Type: application/json


{
  "email": "user@example.com",
  "code": "123456"
}

Response:

{
  "data": {
    "token": "abc123...",
    "user": {
      "id": "user_abc123",
      "email": "user@example.com",
      "name": null
    }
  }
}

Using Tokens

Section titled “Using Tokens”

Include the token in the Authorization header:

Terminal window
curl -H "Authorization: Bearer <token>" \
  https://api.soup.dev/api/v1/projects

Token Properties

Section titled “Token Properties”
  • Tokens don’t expire by default
  • Tokens are stored as SHA-256 hashes (the raw token is only shown once)
  • Each login creates a new token
  • Old tokens remain valid until explicitly revoked

Get Current User

Section titled “Get Current User”
Terminal window
GET /api/v1/me
Authorization: Bearer <token>

Response:

{
  "data": {
    "id": "user_abc123",
    "email": "user@example.com",
    "name": "John Doe"
  }
}

Error Responses

Section titled “Error Responses”

Invalid Token

Section titled “Invalid Token”
{
  "error": "invalid token"
}

Status: 401 Unauthorized

Missing Token

Section titled “Missing Token”
{
  "error": "unauthorized"
}

Status: 401 Unauthorized