Auth API Reference
Base URL: https://auth.shellapps.com/api/v1/
All authenticated endpoints require a Bearer token in the Authorization header.
Authorization: Bearer <access_token>Authentication
POST /auth/register
Create a new account.
// Request
{
"email": "user@example.com",
"password": "securePassword123",
"displayName": "Alex"
}
// Response 201
{
"userId": "user_abc123",
"profileId": "profile_xyz",
"accessToken": "eyJ...",
"refreshToken": "rt_...",
"expiresIn": 900
}POST /auth/login
Sign in with credentials.
// Request
{
"email": "user@example.com",
"password": "securePassword123"
}
// Response 200
{
"userId": "user_abc123",
"activeProfileId": "profile_xyz",
"accessToken": "eyJ...",
"refreshToken": "rt_...",
"expiresIn": 900
}POST /auth/login/oauth
Sign in via OAuth provider. See OAuth Integration for the full flow.
// Request
{
"provider": "google",
"code": "auth_code_from_provider",
"redirectUri": "https://your-app.com/callback"
}Session Management
POST /auth/token/refresh
Refresh an expired access token.
// Request
{
"refreshToken": "rt_..."
}
// Response 200
{
"accessToken": "eyJ...",
"refreshToken": "rt_new...",
"expiresIn": 900
}POST /auth/logout
Invalidate the current session.
Authorization: Bearer <access_token>Returns 204 No Content.
GET /auth/session
Get the current session details.
// Response 200
{
"userId": "user_abc123",
"activeProfileId": "profile_xyz",
"roles": ["builder"],
"expiresAt": "2025-03-01T12:00:00Z"
}Profiles
GET /profiles
List all profiles for the authenticated user.
// Response 200
{
"profiles": [
{
"id": "profile_xyz",
"displayName": "Alex",
"avatar": "https://cdn.shellapps.com/avatars/abc.png",
"isActive": true
}
]
}POST /profiles
Create a new profile.
// Request
{
"displayName": "Work Alex",
"avatar": "https://example.com/avatar.png"
}PUT /profiles/:profileId/activate
Switch the active profile. See Profiles for more on the profile system.
// Response 200
{
"activeProfileId": "profile_abc",
"accessToken": "eyJ..."
}PATCH /profiles/:profileId
Update a profile.
// Request
{
"displayName": "New Name",
"avatar": "https://example.com/new-avatar.png"
}Groups
See Groups & Permissions for concepts.
GET /groups
List groups the user belongs to.
POST /groups
Create a new group.
GET /groups/:groupId/members
List group members and their roles.
POST /groups/:groupId/members
Add a member to a group.
{
"profileId": "profile_xyz",
"role": "editor"
}Error Responses
All errors follow a consistent format:
{
"error": {
"code": "INVALID_CREDENTIALS",
"message": "Email or password is incorrect",
"status": 401
}
}| Code | Status | Description |
|---|---|---|
INVALID_CREDENTIALS | 401 | Wrong email/password |
TOKEN_EXPIRED | 401 | Access token has expired |
INSUFFICIENT_PERMISSIONS | 403 | Missing required role/permission |
NOT_FOUND | 404 | Resource not found |
VALIDATION_ERROR | 422 | Invalid request body |