Your API key:

All requests below will use this key. Your API key is sent directly to api.cueapi.ai and never stored by the docs site.

POST/v1/auth/session

Create Session

Exchange a one-time session token (from device-code login) for a JWT session. Used by the dashboard.

Exchanges a single-use session_token (issued by the device-code flow) for a JWT-backed session. Used by the dashboard to establish a browser session after the user clicks the magic link.

Note

No bearer auth required. The session_token itself is the credential and is consumed on exchange. Sending the same token twice returns 401 invalid_token.

Request

bash

curl -X POST https://api.cueapi.ai/v1/auth/session \
  -H "Content-Type: application/json" \
  -d '{"token": "stk_a1b2c3d4e5f6…"}'

Response

json

{
  "session_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.…",
  "email": "[email protected]"
}

Token shape

The returned session_token is a signed JWT with:

sub = user ID
email = user email
1-year expiry by default
HS256 signature

Use it as Authorization: Bearer <jwt> on any endpoint that accepts session JWTs (most authenticated endpoints accept either an API key or a session JWT).

Refresh

Use POST /v1/auth/session/refresh to issue a fresh JWT before expiry — requires a valid (non-expired) session token in the bearer header.

Errors

Status	Code	Cause
401	`invalid_token`	`session_token` is invalid, expired, or already consumed
401	`user_not_found`	Token references a deleted account
503	`session_unavailable`	JWT signing key not configured on this deployment

POST/v1/auth/session

Try it

Request Body

Enter your API key above to send requests

Previous← Device Code NextRefresh Session →