Authentication

OmniLux uses bearer tokens for authenticated API requests.

Login

```http
POST /api/auth/login
Content-Type: application/json

{
  "username": "your-username",
  "password": "your-password"
}
```

```bash
curl -sS \
  -X POST \
  -H "Content-Type: application/json" \
  --data @- \
  "http://your-server:4000/api/auth/login" <<'EOF'
{
  "username": "your-username",
  "password": "your-password"
}
EOF
```

Response:

```json
{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": {
    "id": 1,
    "username": "your-username",
    "role": "user"
  }
}
```

Using tokens

Send the token in the Authorization header:

```http
Authorization: Bearer <token>
```

Role-aware access

Some endpoints require elevated privileges. When a signed-in user lacks access, the server returns 403 Forbidden.

Security notes

  • Treat bearer tokens like passwords.
  • Use HTTPS whenever the API is reachable beyond your local network.
  • Do not paste real tokens into terminal history, screenshots, bug reports, or shared docs.
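
An added example, not part of the OmniLux documentation or code base: a POSIX shell helper that follows the notes above by keeping the password and the token off the command line and out of shell history, and that reports the 403 Forbidden case. `OMNILUX_URL`, `OMNILUX_TOKEN` and the function names are assumptions; the path passed to `omnilux_get` is whichever endpoint you call.

```shell
# Added example, not OmniLux code. OMNILUX_URL, OMNILUX_TOKEN and the
# function names are assumptions made for this sketch.
OMNILUX_URL="${OMNILUX_URL:-http://your-server:4000}"  # use https:// beyond the local network

# Escape a value for use inside a JSON string; refuse control characters.
json_escape() {
  case $1 in *[[:cntrl:]]*) return 1 ;; esac
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the login request body documented above.
login_body() {
  u=$(json_escape "$1") && p=$(json_escape "$2") || return 1
  printf '{"username":"%s","password":"%s"}' "$u" "$p"
}

# Pull the "token" field out of a login response read from stdin.
extract_token() {
  sed -n 's/.*"token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Prompt for the password without echo, log in, and keep the token in a
# shell variable only. The body reaches curl on stdin, never as an argument.
omnilux_login() {
  printf 'Password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
  body=$(login_body "$1" "$pw") || { unset pw; return 1; }
  unset pw
  OMNILUX_TOKEN=$(printf '%s' "$body" |
    curl -sS -X POST -H 'Content-Type: application/json' --data @- \
      "$OMNILUX_URL/api/auth/login" | extract_token)
  unset body
  [ -n "$OMNILUX_TOKEN" ]
}

# GET a path with the bearer header fed to curl on stdin (--config -), so the
# token is not visible in the process list. Returns 3 on 403 Forbidden.
omnilux_get() {
  out=$(printf 'header = "Authorization: Bearer %s"\n' "$OMNILUX_TOKEN" |
    curl -sS --config - -w '\n%{http_code}' "$OMNILUX_URL$1") || return 1
  code=$(printf '%s\n' "$out" | tail -n 1)
  printf '%s\n' "$out" | sed '$d'
  case $code in
    403) echo 'forbidden: this account lacks the required role' >&2; return 3 ;;
    2??) return 0 ;;
    *) echo "request failed: HTTP $code" >&2; return 1 ;;
  esac
}
```

Source the file into an interactive shell, run `omnilux_login your-username`, then call `omnilux_get` with an endpoint path.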

This public docs page intentionally documents only the standard bearer-token flow.