Authentication
JWT tokens, API keys, and OAuth for securing API access.
Authentication Methods
Apperio supports three authentication methods depending on the use case:
| Method | Used For | Header |
|---|---|---|
| JWT Token | Dashboard API access, data queries | Authorization: Bearer <token> |
| API Key | SDK log ingestion | X-API-Key: <key> |
| OAuth | Social login (GitHub, Google) | Via OAuth flow |
JWT Authentication
Most API endpoints require a JWT token obtained by logging in. The token is sent in the Authorization header with a Bearer prefix.
Bash
# Include JWT in requests
curl -X GET https://apperioserver.onrender.com/api/v1/projects \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."example.ts
class="syntax-comment">// JavaScript/TypeScript usage
const response = await fetch(class="syntax-string">"https:class="syntax-comment">//apperioserver.onrender.com/api/v1/projects", {
headers: {
class="syntax-string">"Authorization": class="syntax-string">"Bearer " + token,
class="syntax-string">"Content-Type": class="syntax-string">"application/json",
},
});Info
JWT tokens expire after 10 hours. After expiration, you need to log in again to get a new token.
API Key Authentication
API keys are used by the SDK for log ingestion. Each project has a unique API key that can be regenerated from the dashboard.
Bash
# Send logs with API key
curl -X POST https://apperioserver.onrender.com/api/v1/PROJECT_ID/logs \
-H "X-API-Key: your-api-key-here" \
-H "Content-Type: application/json" \
-d '{
"timestamp": "2026-03-07T10:30:00Z",
"level": "info",
"message": "Test log entry"
}'API keys only grant access to the log ingestion endpoint for the specific project. They cannot be used to query data or manage settings.
OAuth Authentication
Apperio supports OAuth login via GitHub and Google. The OAuth flow is handled by the frontend and backend together:
POST
/api/v1/users/oauth/loginAuthenticate via OAuth provider
JSON
// Request body
{
"provider": "github", // or "google"
"code": "oauth_authorization_code",
"redirectUri": "https://loghive.vercel.app/callback"
}
// Response
{
"status": "success",
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "user_id",
"email": "user@example.com",
"name": "John Doe"
}
}
}User Signup
POST
/api/v1/users/signupRegister a new user account
Bash
curl -X POST https://apperioserver.onrender.com/api/v1/users/signup \
-H "Content-Type: application/json" \
-d '{
"name": "Jane Doe",
"email": "jane@example.com",
"password": "securePassword123"
}'JSON
// Response(201 Created)
{
"status": "success",
"message": "User created successfully",
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "abc123",
"name": "Jane Doe",
"email": "jane@example.com"
}
}
}User Login
POST
/api/v1/users/loginAuthenticate and receive a JWT token
Bash
curl -X POST https://apperioserver.onrender.com/api/v1/users/login \
-H "Content-Type: application/json" \
-d '{
"email": "jane@example.com",
"password": "securePassword123"
}'JSON
// Response(200 OK)
{
"status": "success",
"data": {
"token": "eyJhbGciOiJIUzI1NiIs...",
"user": {
"id": "abc123",
"name": "Jane Doe",
"email": "jane@example.com"
}
}
}Error Codes
| Status | Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid authentication token |
| 401 | TOKEN_EXPIRED | JWT token has expired (10hr limit) |
| 403 | FORBIDDEN | Valid token but insufficient permissions |
| 403 | INVALID_API_KEY | API key does not match any project |
| 429 | RATE_LIMITED | Too many requests (default: 100/min) |