Auth API
These endpoints handle user authentication for programmatic access to the dashboard API. For SDK/trace ingestion, use API keys instead.
POST /api/v1/auth/login
Authenticate with email and password to receive access and refresh tokens.
Request
POST /api/v1/auth/login
Content-Type: application/json
{
  "email": "alice@company.com",
  "password": "your_password"
}
Response (200)
{
  "data": {
    "access_token": "eyJ...",
    "refresh_token": "v1.MQ...",
    "expires_at": 1742227200,
    "user": {
      "id": "user-uuid",
      "email": "alice@company.com"
    }
  },
  "error": null
}
Fields
| Field | Type | Description |
|---|---|---|
| access_token | string | JWT for authenticating subsequent requests |
| refresh_token | string | Token for obtaining a new access token |
| expires_at | integer | Unix timestamp when the access token expires |
| user.id | string | Supabase user UUID |
| user.email | string | User email address |
Error Responses
| Status | Description |
|---|---|
| 400 | Missing email or password |
| 401 | Invalid credentials |
POST /api/v1/auth/refresh
Exchange a refresh token for a new access token. Use this when the access token has expired.
Request
POST /api/v1/auth/refresh
Content-Type: application/json
{
  "refresh_token": "v1.MQ..."
}
Response (200)
{
  "data": {
    "access_token": "eyJ...",
    "refresh_token": "v1.Mg...",
    "expires_at": 1742230800,
    "user": {
      "id": "user-uuid",
      "email": "alice@company.com"
    }
  },
  "error": null
}
Both the access and refresh tokens are rotated. Store the new refresh token; the old one is invalidated.
Error Responses
| Status | Description |
|---|---|
| 400 | Missing refresh token |
| 401 | Invalid or expired refresh token |
POST /api/v1/auth/logout
Sign out and invalidate the current session.
Request
POST /api/v1/auth/logout
Authorization: Bearer eyJ...
Response (200)
{
  "data": { "success": true },
  "error": null
}
Error Responses
| Status | Description |
|---|---|
| 401 | Missing or invalid access token |
Authentication Methods
2Signal uses two separate authentication systems:
| Method | Used By | Header |
|---|---|---|
| API Key | Python SDK, REST API trace/score/route endpoints | Authorization: Bearer 2s_live_... |
| Session Token | Dashboard, CLI, TUI, Auth API | Authorization: Bearer eyJ... (JWT) |
API keys are project-scoped and designed for server-to-server communication. Session tokens are user-scoped and provide access to all organizations and projects the user belongs to.
Example: CLI Authentication Flow
import httpx

BASE = "https://api.2signal.dev"

# Login: exchange email and password for an access/refresh token pair
resp = httpx.post(f"{BASE}/api/v1/auth/login", json={
    "email": "alice@company.com",
    "password": "password123",
})
resp.raise_for_status()  # 400 = missing email or password, 401 = invalid credentials
tokens = resp.json()["data"]

# Use access token for dashboard API calls
headers = {"Authorization": f"Bearer {tokens['access_token']}"}
orgs = httpx.get(f"{BASE}/api/trpc/organization.list", headers=headers)

# Refresh when token expires; both tokens rotate, so replace the stored pair
resp = httpx.post(f"{BASE}/api/v1/auth/refresh", json={
    "refresh_token": tokens["refresh_token"],
})
resp.raise_for_status()  # 401 = invalid or expired refresh token
tokens = resp.json()["data"]

# Logout
httpx.post(f"{BASE}/api/v1/auth/logout", headers={
    "Authorization": f"Bearer {tokens['access_token']}",
})
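Because the refresh endpoint rotates both tokens and invalidates the old refresh token, a long-running client should serialize refreshes and replace the stored pair in one step. The following is an added example, not 2Signal's own code: `TokenSession`, `ReauthRequired`, the `post(path, json) -> (status, body)` transport signature, the `FakeAuth` stand-in server and the shape of its error body are all assumptions, chosen so the block runs offline.

```python
import threading
import time


class ReauthRequired(Exception):
    """The refresh token was rejected (401); a fresh login is needed."""


class TokenSession:
    """Keeps the token pair from the login response and rotates it."""

    def __init__(self, post, data, skew=60, clock=time.time):
        self._post = post    # assumed transport: post(path, json) -> (status, body)
        self._data = data    # the "data" object returned by /api/v1/auth/login
        self._skew = skew    # refresh this many seconds before expires_at
        self._clock = clock
        self._lock = threading.Lock()

    def access_token(self):
        # One refresh at a time: the old refresh token dies on first use, so
        # two threads racing with the same token would leave one with a 401.
        with self._lock:
            if self._clock() >= self._data["expires_at"] - self._skew:
                self._refresh()
            return self._data["access_token"]

    def _refresh(self):
        status, body = self._post("/api/v1/auth/refresh",
                                  {"refresh_token": self._data["refresh_token"]})
        if status == 401:
            raise ReauthRequired("refresh token invalid or expired")
        if status != 200 or body.get("error"):
            raise RuntimeError(f"refresh failed with status {status}")
        self._data = body["data"]  # swap both tokens together; drop the old pair


class FakeAuth:
    """Constructed stand-in for the API: rotates tokens, rejects reused ones."""

    def __init__(self, now):
        self.now, self.n, self.valid = now, 0, "r0"

    def post(self, path, json):
        if json.get("refresh_token") != self.valid:
            return 401, {"data": None, "error": "invalid refresh token"}
        self.n += 1
        self.valid = f"r{self.n}"
        return 200, {"data": {"access_token": f"a{self.n}", "refresh_token": self.valid,
                              "expires_at": self.now() + 3600}, "error": None}
```

Construct `TokenSession` with the `data` object from the login response and call `access_token()` before each request; on `ReauthRequired`, discard the stored tokens and log in again.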