Password Auth

Password authentication is enabled by default. Users sign in with an email address and password.

Password auth is controlled by a single setting:

auth:
  password_enabled: true # default

To disable password auth (for example, after setting up SSO):

auth:
  password_enabled: false

To log in, send a POST request with the email address and password to the login endpoint:

curl -X POST http://localhost:8080/api/v1/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "admin@example.com", "password": "changeme"}'

On success the response contains the session JWT and the user record:

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "email": "admin@example.com",
    "name": "Admin",
    "role": "admin",
    "has_avatar": false
  }
}

Include the JWT as a bearer token in the Authorization header of all subsequent requests:

curl http://localhost:8080/api/v1/users \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."

Admins can create new users with password auth:

curl -X POST http://localhost:8080/api/v1/users \
  -H "Authorization: Bearer $ADMIN_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "analyst@example.com",
    "name": "Jane Analyst",
    "password": "initial-password",
    "role": "member"
  }'

Failed login attempts return a 401 Unauthorized response and are logged as login_failed audit events. See Audit & Compliance for details.
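The whole flow on this page (log in, carry the JWT as a bearer token, create a user as admin, treat 401 as a rejected credential or token) as an added Python client, not the project's own client code. It assumes only the two endpoints and JSON shapes shown above; the transport is injectable, and the included in-memory stand-in (`fake_transport`, with constructed credentials and an unsigned placeholder token) lets the flow run without a server. The `exp` claim checked by `token_is_fresh` is the standard JWT expiry claim and is an assumption about the issued token, not something this page states.

```python
"""Client for the password-auth flow on this page: login, bearer token, user creation.

Added example, not the project's own client. Assumes only the endpoints and
JSON shapes shown on the page; the transport is injectable so the flow can be
exercised offline against the in-memory stand-in at the bottom.
"""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request


class AuthError(Exception):
    """The API answered 401 Unauthorized: bad credentials or a rejected token."""


def http_transport(req):
    """Real transport: send the request, return (status, body) even on HTTP errors."""
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def _call(base_url, method, path, body=None, token=None, transport=http_transport):
    """Issue one JSON request; map 401 to AuthError and other 4xx/5xx to RuntimeError."""
    headers = {"Content-Type": "application/json"}
    if token is not None:
        headers["Authorization"] = f"Bearer {token}"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base_url + path, data=data, method=method, headers=headers)
    status, raw = transport(req)
    if status == 401:
        raise AuthError(f"{method} {path}: 401 Unauthorized")
    if status >= 400:
        raise RuntimeError(f"{method} {path}: HTTP {status}")
    return json.loads(raw) if raw else None


def login(base_url, email, password, transport=http_transport):
    """POST /api/v1/auth/login and return the JWT from the response."""
    resp = _call(base_url, "POST", "/api/v1/auth/login",
                 {"email": email, "password": password}, transport=transport)
    return resp["token"]


def create_user(base_url, admin_token, email, name, password, role="member",
                transport=http_transport):
    """POST /api/v1/users with the admin's bearer token (admins only, per the page)."""
    body = {"email": email, "name": name, "password": password, "role": role}
    return _call(base_url, "POST", "/api/v1/users", body, token=admin_token, transport=transport)


def jwt_claims(token):
    """Decode a JWT's payload WITHOUT verifying it: the server verifies the signature;
    a client only reads claims to decide whether to reuse a cached token or log in again."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_is_fresh(token, now=None, skew=30):
    """True if the token's exp claim (assumed present) is more than `skew` seconds away."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        return False  # no expiry claim: treat as unusable and log in again
    return (time.time() if now is None else now) + skew < exp


# --- In-memory stand-in for the API so the flow above runs offline (constructed data). ---
_DEMO_ADMIN = {"email": "admin@example.com", "password": "changeme"}  # constructed


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def make_demo_token(exp):
    """HS256-shaped JWT with a placeholder signature: constructed test data, not signed."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                     _b64url({"sub": "550e8400-e29b-41d4-a716-446655440000", "exp": exp}),
                     "signature-placeholder"])


DEMO_TOKEN = make_demo_token(exp=2_000_000_000)


def fake_transport(req):
    """Mimic the two endpoints on this page: 401 on a bad password or a wrong bearer token."""
    body = json.loads(req.data) if req.data else {}
    path = urllib.parse.urlparse(req.full_url).path
    if path == "/api/v1/auth/login":
        if body.get("email") == _DEMO_ADMIN["email"] and body.get("password") == _DEMO_ADMIN["password"]:
            return 200, json.dumps({"token": DEMO_TOKEN, "user": {"email": body["email"], "role": "admin"}}).encode()
        return 401, b'{"error": "login_failed"}'
    if path == "/api/v1/users":
        if req.get_header("Authorization") != f"Bearer {DEMO_TOKEN}":
            return 401, b'{"error": "unauthorized"}'
        return 200, json.dumps({"id": "constructed-id", "email": body["email"], "role": body["role"]}).encode()
    return 404, b""


if __name__ == "__main__":
    base = "http://localhost:8080"
    token = login(base, "admin@example.com", "changeme", transport=fake_transport)
    print("token fresh:", token_is_fresh(token))
    print(create_user(base, token, "analyst@example.com", "Jane Analyst", "initial-password",
                      transport=fake_transport))
    try:
        login(base, "admin@example.com", "wrong", transport=fake_transport)
    except AuthError as err:
        print("rejected:", err)  # the server side of this is the login_failed audit event
```

Against a real deployment, drop the `transport=fake_transport` arguments and the default `http_transport` is used. The client never inspects the signature: `jwt_claims` is only there so a cached token can be refreshed before it expires rather than after a 401, and any token the client cannot parse is simply discarded.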