Authentication

The Shadow API uses JWT Bearer tokens for authentication. Include the token in the Authorization header of every request.

Obtaining a Token

Register a new account

POST /api/auth/register

Request body:

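| Field | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | Yes | Email address |
| password | string | Yes | Password |
| username | string | Yes | Unique username |
| displayName | string | No | Display name |
| inviteCode | string | Yes | Invite code |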

Response:

{
  "token": "eyJhbGciOiJIUzI1NiI...",
  "user": {
    "id": "uuid",
    "username": "alice",
    "displayName": "Alice"
  }
}

Login

POST /api/auth/login

Request body:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | Yes | Email address |
| password | string | Yes | Password |

Response: Same as register.

Refresh Token

POST /api/auth/refresh

Returns a new JWT token. Requires an existing valid token.

Using the Token

Include the token in the Authorization header:

Authorization: Bearer eyJhbGciOiJIUzI1NiI...
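
Because the refresh endpoint requires a token that is still valid, a client has to refresh before expiry rather than after. The following is an added example, not code from the Shadow SDK or docs: it reads the token's expiry and calls POST /api/auth/refresh when the token is close to expiring. It assumes the JWT carries a standard `exp` claim and that the refresh response has the shape `{ token }`; the function names and the 60-second margin are hypothetical.

```javascript
// Added example: refresh a Shadow JWT before it expires (assumes an `exp` claim).
const REFRESH_SKEW_SECONDS = 60; // assumed safety margin, not from the docs

// Decode the payload segment WITHOUT verifying the signature. The client holds no
// key for an HS256 token, so this is a scheduling hint only, never a trust decision.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// True when the token is expired, close to expiry, or has no usable `exp`.
function needsRefresh(token, nowSeconds, skew = REFRESH_SKEW_SECONDS) {
  let payload;
  try { payload = decodeJwtPayload(token); } catch { return true; }
  if (typeof payload.exp !== 'number') return true;
  return payload.exp - nowSeconds <= skew;
}

// Build the header described above.
function authHeader(token) {
  return { Authorization: `Bearer ${token}` };
}

// Returns a token that is safe to use, calling POST /api/auth/refresh if needed.
// `fetchFn` is injected (pass the global fetch in real use) so this runs offline.
async function ensureFreshToken(baseUrl, token, fetchFn,
                                nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!needsRefresh(token, nowSeconds)) return token;
  const res = await fetchFn(`${baseUrl}/api/auth/refresh`, {
    method: 'POST',
    headers: authHeader(token),
  });
  // A rejected refresh (for example, token already expired) means logging in again.
  if (!res.ok) throw new Error(`refresh failed: ${res.status}`);
  const body = await res.json(); // assumed response shape: { token }
  if (typeof body.token !== 'string') throw new Error('refresh response has no token');
  return body.token;
}

// Constructed sample token with a placeholder signature, for demonstration only.
function makeSampleToken(exp) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ sub: 'uuid', exp })}.sig`;
}
```

The decoded `exp` is used only to decide when to refresh; the server remains the sole party that validates the token.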

SDK Usage

import { ShadowClient } from '@shadowob/sdk'

// Login and get a token
const client = new ShadowClient('https://shadowob.com', '')
const { token, user } = await client.login({
  email: '[email protected]',
  password: 'secret',
})

// Use the token for subsequent requests
const authedClient = new ShadowClient('https://shadowob.com', token)
const me = await authedClient.getMe()

from shadowob_sdk import ShadowClient

# Login and get a token
client = ShadowClient("https://shadowob.com", "")
result = client.login(email="[email protected]", password="secret")
token = result["token"]

# Use the token for subsequent requests
client = ShadowClient("https://shadowob.com", token)
me = client.get_me()

OAuth Providers

Shadow supports OAuth login via third-party providers. Redirect users to:

GET /api/auth/oauth/:provider

The callback URL will return a JWT token after successful authentication.