Authentication

Authenticate with the live Sentinel API using session-based auth.

The Sentinel API is served by the public gateway:

https://sentinel-api.fortiqo.xyz

The interactive OpenAPI specification for the live surface is always available at /openapi.json.

Session authentication

The gateway currently uses cookie-based sessions. Register or log in, keep the session cookie, and send it with every subsequent request.

Register

POST /v1/auth/register
curl -c cookies.txt -X POST https://sentinel-api.fortiqo.xyz/v1/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "you@example.com",
    "password": "a-strong-password",
    "displayName": "Your Name",
    "role": "buyer"
  }'
| Field | Type | Description |
|---|---|---|
| email | string | Account email; must be unique |
| password | string | Account password |
| displayName | string | Name shown on your profile |
| role | string | buyer or developer |

Registration starts a session immediately — the response sets the session cookie.

Log in

POST /v1/auth/login
curl -c cookies.txt -X POST https://sentinel-api.fortiqo.xyz/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "a-strong-password"}'

Current user

GET /v1/auth/me
curl -b cookies.txt https://sentinel-api.fortiqo.xyz/v1/auth/me

Returns the authenticated user's profile. Use this to confirm your session is valid.

Log out

POST /v1/auth/logout

Clears the session.

Note

Scoped API keys (Authorization: Bearer header auth) for server-to-server integrations are on the roadmap and will be documented here when they ship. Until then, all authenticated calls use the session cookie.

Error responses

| Status | Cause |
|---|---|
| 401 Unauthorized | Missing or expired session |
| 403 Forbidden | Authenticated, but not allowed to perform the action |
| 422 Unprocessable Entity | Request body failed validation; the response detail array lists each invalid field |
| 429 Too Many Requests | Rate limited; wait for the number of seconds in Retry-After |

Rate limits

Rate limit headers are included on responses:

X-RateLimit-Limit
X-RateLimit-Remaining
X-RateLimit-Reset

When you are rate-limited the response status is 429 and Retry-After indicates how many seconds to wait before retrying.
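
The login and rate-limit handling described above, as an added shell example that is not part of the Sentinel documentation or project code. The helper names, cookie-jar path, 60-second cap and three-attempt limit are assumptions; the password is read from stdin so it stays out of argv and shell history, and the jar is kept owner-only because it holds the session credential.

```shell
# Added example, not Sentinel project code. Jar path, MAX_WAIT and the attempt
# limit are assumptions. Usage: sentinel_login you@example.com < password-file
API="https://sentinel-api.fortiqo.xyz"
JAR="${SENTINEL_JAR:-$HOME/.sentinel-cookies.txt}"
MAX_WAIT=60

# Escape backslashes and double quotes so the value is a valid JSON string.
json_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# sentinel_login EMAIL: password comes from stdin, never from the command line;
# umask 077 plus chmod keep the cookie jar at mode 0600.
sentinel_login() (
  umask 077
  IFS= read -r pw || [ -n "$pw" ] || exit 1
  printf '{"email":"%s","password":"%s"}' \
    "$(json_escape "$1")" "$(json_escape "$pw")" |
    curl -sS -o /dev/null -c "$JAR" -X POST "$API/v1/auth/login" \
      -H "Content-Type: application/json" -d @- &&
    chmod 600 "$JAR"
)

# retry_after FILE: FILE is a header dump written by `curl -D`. Prints the
# seconds to wait if the final response is 429; returns 1 for any other status.
retry_after() {
  tr -d '\r' < "$1" | awk -F'[: \t]+' -v max="$MAX_WAIT" '
    /^HTTP\// { status = $2; secs = "" }        # last response block wins
    tolower($1) == "retry-after" { secs = $2 }
    END {
      if (status != 429) exit 1
      if (secs !~ /^[0-9]+$/) secs = 1          # header absent or not a number
      if (secs + 0 > max) secs = max            # never sleep unbounded
      print secs
    }'
}

# sentinel_get PATH: authenticated GET that honours 429 / Retry-After. Any
# other status (including 401) is handed back to the caller with its body.
sentinel_get() {
  hdr=$(mktemp) || return 1
  for attempt in 1 2 3; do
    body=$(curl -sS -b "$JAR" -D "$hdr" "$API$1") || break
    delay=$(retry_after "$hdr") || { printf '%s\n' "$body"; rm -f "$hdr"; return 0; }
    sleep "$delay"
  done
  rm -f "$hdr"; return 1
}
```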

Health

Two unauthenticated probes are available:

| Endpoint | Purpose |
|---|---|
| GET /health | Liveness: returns {"status": "ok", "version": "..."} |
| GET /readiness | Readiness: verifies the gateway's dependencies are reachable |