Auth

Get Captcha Configuration

GET /v1/auth/captcha-config

No authentication required. Returns the Cloudflare Turnstile site configuration (used during front-end captcha rendering).

Response

{
  "enabled": true,
  "site_key": "0x..."
}

Check if User Exists

POST /v1/auth/check

Request Body

Response

{
  "exists": true
}

Query Registration Mode

GET /v1/auth/registration-mode

Response

{
  "mode": "open"
}

mode values: open (open), invite_only (invitation only), disabled (closed).

Register

POST /v1/auth/register

Request Body

Response

{
  "user_id": "...",
  "access_token": "...",
  "token_type": "bearer",
  "warning": null
}

On success, the server issues the Refresh Token via Set-Cookie (HttpOnly cookie: arkloop_refresh_token).

Login

POST /v1/auth/login

Request Body

Response

{
  "access_token": "...",
  "token_type": "bearer"
}

On success, the server issues the Refresh Token via Set-Cookie (HttpOnly cookie: arkloop_refresh_token).

Refresh Token

POST /v1/auth/refresh

Notes

No request body is required. The server reads and rotates the Refresh Token from the HttpOnly cookie arkloop_refresh_token.

Response — Same format as login response (only access_token, token_type), and the Refresh Token cookie will be updated.

Logout

POST /v1/auth/logout

Requires Bearer Token. Invalidates the current token and clears the Refresh Token cookie.

Response

{ "ok": true }

Email Verification — Send Verification Email

POST /v1/auth/email/verify/send

No request body. Uses the current logged-in user's email.

Email Verification — Confirm

POST /v1/auth/email/verify/confirm

Request Body

Email OTP Login — Send OTP

POST /v1/auth/email/otp/send

Request Body

Email OTP Login — Verify OTP

POST /v1/auth/email/otp/verify

Request Body

Response — Same format as login response (includes access_token, token_type), and the Refresh Token cookie will be updated.