Authentication & API Keys

Dariet uses JWT tokens for interactive sessions and long-lived API keys for server-to-server integrations.

POST /api/auth/login

Authenticate and receive a JWT token.

Request:

```json
{
  "email": "user@example.com",
  "password": "your-password"
}
```

Response:

```json
{
  "access_token": "eyJ...",
  "token_type": "bearer",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "user@example.com",
    "name": "User Name",
    "role": "admin",
    "is_active": true,
    "created_at": "2026-03-18T10:00:00"
  }
}
```

Use access_token as Authorization: Bearer <token> on all subsequent requests.
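The login-then-bearer flow above, as an added example (not Dariet's own client code): a small client that posts credentials to /api/auth/login, keeps the access_token, and sends it as an Authorization: Bearer header on every later call such as /api/auth/me. The transport is injectable, so the block runs offline against a constructed stand-in server; the base URL and the token value are assumptions, while the endpoint paths and JSON field names come from the reference.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# A transport takes (method, url, headers, body) and returns (status, body).
# Injecting it lets the same client run against a real server or a stand-in.
Transport = Callable[[str, str, Dict[str, str], Optional[bytes]], Tuple[int, bytes]]


def urllib_transport(method: str, url: str, headers: Dict[str, str],
                     body: Optional[bytes]) -> Tuple[int, bytes]:
    """Transport for a real deployment (the base URL is an assumption, not from the page)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


class DarietClient:
    """Log in once, then attach the JWT as 'Authorization: Bearer <token>' to every call."""

    def __init__(self, base_url: str, transport: Transport = urllib_transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.access_token: Optional[str] = None

    def _request(self, method: str, path: str, payload: Optional[dict] = None,
                 auth: bool = True) -> dict:
        headers = {"Accept": "application/json"}
        body = None
        if payload is not None:
            body = json.dumps(payload).encode()
            headers["Content-Type"] = "application/json"
        if auth:
            if self.access_token is None:
                raise RuntimeError("not logged in; call login() first")
            headers["Authorization"] = f"Bearer {self.access_token}"
        status, raw = self.transport(method, self.base_url + path, headers, body)
        if status != 200:
            # Report the status only: never echo credentials or tokens into errors/logs.
            raise RuntimeError(f"{method} {path} returned HTTP {status}")
        return json.loads(raw)

    def login(self, email: str, password: str) -> dict:
        data = self._request("POST", "/api/auth/login",
                             {"email": email, "password": password}, auth=False)
        if data.get("token_type", "").lower() != "bearer":
            raise RuntimeError("unexpected token_type in login response")
        self.access_token = data["access_token"]
        return data["user"]   # same UserResponse shape that /api/auth/me returns

    def me(self) -> dict:
        return self._request("GET", "/api/auth/me")


# --- Constructed stand-in for a Dariet server, so the example runs offline. ---
FAKE_TOKEN = "eyJ.constructed.token"   # constructed value, not a real JWT


def fake_transport(method: str, url: str, headers: Dict[str, str],
                   body: Optional[bytes]) -> Tuple[int, bytes]:
    if method == "POST" and url.endswith("/api/auth/login"):
        creds = json.loads(body or b"{}")
        if creds == {"email": "user@example.com", "password": "your-password"}:
            user = {"id": "550e8400-e29b-41d4-a716-446655440000",
                    "email": "user@example.com", "role": "admin"}
            return 200, json.dumps({"access_token": FAKE_TOKEN,
                                    "token_type": "bearer", "user": user}).encode()
        return 401, b'{"detail": "invalid credentials"}'
    if method == "GET" and url.endswith("/api/auth/me"):
        if headers.get("Authorization") == f"Bearer {FAKE_TOKEN}":
            return 200, b'{"id": "550e8400-e29b-41d4-a716-446655440000", "email": "user@example.com"}'
        return 401, b'{"detail": "missing or invalid bearer token"}'
    return 404, b"{}"


def demo() -> Tuple[dict, dict, bool]:
    """Log in, call /me with the bearer token, and show that /me without a login is refused."""
    client = DarietClient("https://dariet.example.invalid", transport=fake_transport)
    user = client.login("user@example.com", "your-password")
    profile = client.me()
    try:
        DarietClient("https://dariet.example.invalid", transport=fake_transport).me()
        refused = False
    except RuntimeError:
        refused = True
    return user, profile, refused


if __name__ == "__main__":
    print(demo())
```

Swap fake_transport for the default urllib_transport (and a real base URL) to use it against a deployment; the client deliberately keeps the token out of exception text so a failed call does not leak it into logs.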


POST /api/auth/forgot-password

Send a password reset email. Always returns 200 regardless of whether the email exists (prevents enumeration).

```json
{ "email": "user@example.com" }
```

POST /api/auth/reset-password

Reset password using the token received in the reset email.

```json
{
  "token": "reset-token-from-email",
  "new_password": "new-secure-password"
}
```

GET /api/auth/me

Get the currently authenticated user's profile. Returns the same UserResponse shape as the login user field.


User Management (admin only)

GET /api/auth/users

List all users in the system.

POST /api/auth/users

Create a new user.

```json
{
  "email": "newuser@example.com",
  "name": "New User",
  "password": "secure-password",
  "role": "viewer"
}
```

Roles: admin | viewer

PATCH /api/auth/users/{user_id}

Update a user. All fields optional: name, email, role, is_active, password.

DELETE /api/auth/users/{user_id}

Delete a user. You cannot delete your own account.


API Keys

API keys are long-lived tokens for server-to-server integrations. They start with dk_ and are shown in full only once at creation time.

GET /api/api-keys

List your active API keys. Returns metadata only — the full key is never shown again after creation.

Response:

```json
[
  {
    "id": "uuid",
    "name": "CRM Integration",
    "key_prefix": "dk_a1b2c3d4",
    "created_at": "2026-03-18T10:00:00",
    "last_used_at": "2026-03-18T11:30:00"
  }
]
```

POST /api/api-keys

Create a new API key. Store the returned key immediately — it will not be shown again.

```json
{ "name": "CRM Integration" }
```

Response:

```json
{
  "id": "uuid",
  "name": "CRM Integration",
  "key_prefix": "dk_a1b2c3d4",
  "key": "dk_a1b2c3d4e5f6...full_key_here",
  "created_at": "2026-03-18T10:00:00",
  "last_used_at": null
}
```

DELETE /api/api-keys/{key_id}

Revoke an API key immediately. Any in-flight requests using it will fail.
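The API Keys section describes a key that is returned in full exactly once, listed afterwards by prefix only, and revoked with immediate effect. The server-side design that makes those three properties hold is shown below as an added example; it is not Dariet's implementation and the page does not say how Dariet stores keys. The assumed design: generate the key from a CSPRNG with the dk_ prefix, persist only a SHA-256 digest plus the displayed prefix, use the prefix to narrow lookup and a constant-time digest comparison to authenticate, and flip a revoked flag so the next request with that key fails. The in-memory store, the record ids and the timestamps are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

KEY_PREFIX = "dk_"
DISPLAY_PREFIX_LEN = len("dk_a1b2c3d4")   # length of the key_prefix shown in the reference


def _now() -> str:
    # Same "YYYY-MM-DDTHH:MM:SS" shape as created_at / last_used_at in the reference.
    return datetime.now(timezone.utc).replace(microsecond=0, tzinfo=None).isoformat()


def _digest(key: str) -> str:
    # The secret part is 192 bits of CSPRNG output, so a plain SHA-256 is sufficient;
    # a slow password hash is only needed for low-entropy, human-chosen secrets.
    return hashlib.sha256(key.encode()).hexdigest()


@dataclass
class StoredKey:
    id: str
    name: str
    key_prefix: str
    key_hash: str               # only the digest is persisted; the full key is never stored
    created_at: str
    last_used_at: Optional[str] = None
    revoked: bool = False


class ApiKeyStore:
    """In-memory stand-in for the server's key table (constructed for this example)."""

    def __init__(self) -> None:
        self._by_id: Dict[str, StoredKey] = {}
        self._by_prefix: Dict[str, List[str]] = {}   # key_prefix -> candidate record ids

    def create(self, name: str) -> dict:
        full_key = KEY_PREFIX + secrets.token_hex(24)   # "dk_" + 48 hex chars
        rec = StoredKey(id=secrets.token_hex(8), name=name,
                        key_prefix=full_key[:DISPLAY_PREFIX_LEN],
                        key_hash=_digest(full_key), created_at=_now())
        self._by_id[rec.id] = rec
        self._by_prefix.setdefault(rec.key_prefix, []).append(rec.id)
        # The one and only response that carries the full key.
        return {**self._metadata(rec), "key": full_key}

    def list_keys(self) -> List[dict]:
        # GET /api/api-keys: metadata only, active keys only.
        return [self._metadata(r) for r in self._by_id.values() if not r.revoked]

    def revoke(self, key_id: str) -> bool:
        rec = self._by_id.get(key_id)
        if rec is None or rec.revoked:
            return False
        rec.revoked = True          # every later authenticate() with this key fails
        return True

    def authenticate(self, presented: str) -> Optional[StoredKey]:
        """Return the key record if `presented` is a live key, else None."""
        if not presented.startswith(KEY_PREFIX):
            return None
        digest = _digest(presented)
        # The prefix only narrows the search; the digest comparison is the real check,
        # done in constant time so timing does not reveal how much of a guess matched.
        for key_id in self._by_prefix.get(presented[:DISPLAY_PREFIX_LEN], []):
            rec = self._by_id[key_id]
            if not rec.revoked and hmac.compare_digest(digest, rec.key_hash):
                rec.last_used_at = _now()
                return rec
        return None

    @staticmethod
    def _metadata(rec: StoredKey) -> dict:
        return {"id": rec.id, "name": rec.name, "key_prefix": rec.key_prefix,
                "created_at": rec.created_at, "last_used_at": rec.last_used_at}


if __name__ == "__main__":
    store = ApiKeyStore()
    created = store.create("CRM Integration")
    print("list shows metadata only:", store.list_keys())
    print("authenticates:", store.authenticate(created["key"]) is not None)
    store.revoke(created["id"])
    print("after revoke:", store.authenticate(created["key"]))
```

Because only the digest is kept, a dump of the key table cannot be replayed against the API, and the prefix in the listing is enough for an operator to match a leaked key to its record and revoke it.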