Authentication
The PackEdge management API uses session-based authentication with HTTP-only cookies.
Login
POST /api/auth/login
{
  "email": "[email protected]",
  "password": "your-password"
}
Response:
{
  "user": {
    "id": "usr_xxx",
    "email": "[email protected]",
    "name": "Your Name",
    "role": "developer"
  }
}
A session cookie is set automatically on the response. All subsequent requests include this cookie.
Register
POST /api/auth/register
{
  "email": "[email protected]",
  "password": "min-8-chars",
  "name": "Your Name"
}
Get Current User
GET /api/auth/me
Returns the authenticated user's profile.
Update Profile
PUT /api/auth/me
{
  "name": "New Name",
  "avatarUrl": "https://example.com/avatar.png"
}
Change Password
POST /api/auth/change-password
{
  "currentPassword": "old-password",
  "newPassword": "new-password"
}
Logout
POST /api/auth/logout
Clears the session cookie and invalidates the token.
OAuth Login
PackEdge supports OAuth login with Google and GitHub:
- GET /api/oauth/google: redirects to Google consent screen
- GET /api/oauth/github: redirects to GitHub authorization
After authorization, the user is redirected back to the dashboard with a session cookie set.
Session Details
- Token format: base32-encoded, 20 bytes
- Storage: SHA-256 hash stored in database
- Duration: 30 days
- Auto-refresh: refreshed when less than 15 days remaining
- Cookie flags: HttpOnly, SameSite=None, Secure (production)
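The session lifecycle in the list above, sketched as an added example that is not PackEdge's own code. The RFC 4648 alphabet, the hex-encoded hash, the in-memory Map in place of the database, and all function names are assumptions.

```javascript
// Added example, not PackEdge source: a Map stands in for the sessions table.
const { randomBytes, createHash } = require("node:crypto");

const DAY_MS = 24 * 60 * 60 * 1000;
const SESSION_TTL_MS = 30 * DAY_MS;   // Duration: 30 days
const REFRESH_BELOW_MS = 15 * DAY_MS; // refresh when less than 15 days remain
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; // RFC 4648 alphabet (assumed)

// Base32 without padding: 20 bytes (160 bits) encode to exactly 32 characters.
function base32(bytes) {
  let bits = 0, value = 0, out = "";
  for (const b of bytes) {
    value = ((value << 8) | b) & 0xfff; // at most 4 leftover bits plus 8 new
    bits += 8;
    while (bits >= 5) {
      out += B32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// Only the SHA-256 of the token is stored, so a leaked table holds no usable cookies.
const hashToken = (token) => createHash("sha256").update(token).digest("hex");
const db = new Map(); // token hash -> { userId, expiresAt }

function createSession(userId, now = Date.now()) {
  const token = base32(randomBytes(20));
  db.set(hashToken(token), { userId, expiresAt: now + SESSION_TTL_MS });
  return token; // cookie value; the server keeps only its hash
}

function validateSession(token, now = Date.now()) {
  const id = hashToken(token);
  const session = db.get(id);
  if (!session) return null;
  if (now >= session.expiresAt) { db.delete(id); return null; } // expired
  if (session.expiresAt - now < REFRESH_BELOW_MS) session.expiresAt = now + SESSION_TTL_MS;
  return session;
}

// Logout: removing the row invalidates the token even if the cookie is replayed.
const invalidateSession = (token) => db.delete(hashToken(token));
```

Passing `now` explicitly makes the expiry and refresh boundaries easy to check without waiting on the clock.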
Edge API
The Edge API (/v1/*) does not require authentication. These public endpoints are designed for high-volume requests from WordPress installations.
