API reference

All endpoints exposed by the instance API. Paths are rooted at your KL_PUBLIC_BASE_URL (e.g. https://api.kolaylogin.com). Authenticated endpoints read the __session cookie; admin endpoints on the dashboard surface require a dashboard JWT (Bearer).

Authentication

| Method | Path | Description |
|--------|------|-------------|
| POST | /v1/auth/sign-up/email-password | Create user + session |
| POST | /v1/auth/sign-in/email-password | Verify credentials + session |
| POST | /v1/auth/sign-in/magic-link | Request a magic-link email |
| GET | /v1/auth/magic-link/verify | Exchange token for session |
| POST | /v1/auth/sign-in/sms-otp | Send a 6-digit SMS code |
| POST | /v1/auth/sms/verify | Verify code + create session |
| GET | /v1/auth/oauth/:provider/authorize | Start OAuth flow |
| GET | /v1/auth/oauth/:provider/callback | Exchange code + session |
| POST | /v1/auth/sign-out | End this client |
| POST | /v1/auth/sign-out/all | End every session for the user |

Passkeys

| Method | Path | Description |
|--------|------|-------------|
| POST | /v1/auth/me/passkeys/register/begin | Get challenge (auth required) |
| POST | /v1/auth/me/passkeys/register/complete | Finish registration (auth required) |
| POST | /v1/auth/passkeys/authenticate/begin | Get challenge for sign-in |
| POST | /v1/auth/passkeys/authenticate/complete | Finish sign-in + session |

Sessions

| Method | Path | Description |
|--------|------|-------------|
| POST | /v1/auth/sessions/refresh | Rotate __client + mint new __session |

Organizations

| Method | Path | Description |
|--------|------|-------------|
| GET | /v1/orgs | List current user's orgs |
| POST | /v1/orgs | Create an org |
| POST | /v1/orgs/:id/invitations | Invite a user |
| GET | /v1/orgs/:id/invitations | List invites |
| POST | /v1/orgs/invitations/accept | Accept via one-time token |
| PATCH | /v1/orgs/current | Switch active org |

Billing

| Method | Path | Description |
|--------|------|-------------|
| GET | /v1/billing/plans | Public plan catalog |
| POST | /v1/billing/checkout | Create a Stripe Checkout session |
| GET | /v1/billing/subscription | Current user's subscription (if any) |
| POST | /v1/stripe/webhook | Stripe → KolayLogin webhook receiver |

Well-known

| Method | Path | Description |
|--------|------|-------------|
| GET | /.well-known/jwks.json | Public keys for session JWT verification |
| GET | /healthz | Process liveness probe |

Conventions

Request bodies are JSON. Responses return { ok: true, ... } on success and standard HTTP status codes on failure with { error: string, message?: string }.