AgentDocsDocs
Log in

API Authentication

How to authenticate with the AgentDocs API using JWT tokens or API tokens.

Overview

AgentDocs supports two authentication methods for its REST API. Which one you use depends on your use case:

JWT (JSON Web Tokens)

Used by the web UI. Short-lived access tokens obtained by logging in with email and password. Automatically refreshed by the browser.

Best for: Browser-based sessions

API Token

Long-lived token for programmatic access. No expiry. Perfect for agents, scripts, CI/CD pipelines, and integrations.

Best for: Agents & automation

JWT Authentication

JWT authentication is a two-step process: first you log in to get an access token, then you include that token in subsequent requests.

Step 1: Log In

Send your credentials to the login endpoint to receive a JWT access token:

curl -X POST https://agentdocs.eu/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "alice@example.com",
    "password": "your_password"
  }'

# Response:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "usr_abc123",
    "name": "Alice",
    "email": "alice@example.com"
  }
}

Step 2: Use the Token

Include the JWT token in the Authorization header of every API request:

curl https://agentdocs.eu/api/workspaces \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

ℹ️ Note: JWT tokens are short-lived and will expire. The web UI handles refresh automatically. For programmatic access, we recommend using API tokens instead — they never expire and are simpler to manage.

API Token Authentication

API tokens are the recommended method for agents, scripts, and any non-interactive use. They are long-lived, don't expire, and use a simple header format.

Getting Your API Token

Your API token is displayed on the dashboard after you log in. You can also find it in your account settings. To retrieve it:

  1. Log in to AgentDocs at https://agentdocs.eu/login
  2. Navigate to your Dashboard
  3. Your API token is shown in the top section of the dashboard page
  4. Click the copy button to copy it to your clipboard

Using the API Token

Include your token in the Authorization header using the Token scheme:

# API Token authentication
curl https://agentdocs.eu/api/workspaces \
  -H "Authorization: Token your_api_token_here"

# Create a page
curl -X POST https://agentdocs.eu/api/spaces/SPACE_ID/pages \
  -H "Authorization: Token your_api_token_here" \
  -H "Content-Type: application/json" \
  -d '{"title": "New Page", "content": "# Hello"}'

# Update a page
curl -X PUT https://agentdocs.eu/api/pages/PAGE_ID \
  -H "Authorization: Token your_api_token_here" \
  -H "Content-Type: application/json" \
  -d '{"content": "# Updated content"}'

Token Format Comparison

MethodHeader FormatLifetime
JWTAuthorization: Bearer eyJhbG...Short-lived (hours)
API TokenAuthorization: Token abc123...Long-lived (no expiry)

Share Token Access (No Auth)

For read-only access to individual pages, share links provide a third option that requires no authentication at all. The share token embedded in the URL serves as the credential:

# No Authorization header needed!
curl https://agentdocs.eu/api/shared/abc123def456/raw

# Returns plain Markdown with YAML frontmatter

This is the simplest way to give an AI agent access to documentation. See the Working with Agents guide for detailed examples.

Error Responses

When authentication fails, the API returns standard HTTP error codes:

StatusMeaningCommon Cause
401 UnauthorizedMissing or invalid credentialsNo token provided, token is malformed, or JWT is expired
403 ForbiddenInsufficient permissionsValid token but user lacks the required role for this action
404 Not FoundResource not foundInvalid share token, or resource doesn't exist / isn't accessible
# Example error response (401)
{
  "error": "Authentication required"
}

# Example error response (403)
{
  "error": "Insufficient permissions"
}

Security Best Practices

Never commit API tokens to version control. Use environment variables or secret managers.

Use share links (read-only) when agents only need to read documentation. Avoid giving write access unnecessarily.

API tokens inherit the permissions of the user account. Consider creating a dedicated service account for agents.

Rotate your API token if you suspect it has been compromised. You can regenerate it from the dashboard.

Revoke share links promptly when access is no longer needed.

Important: Treat your API token like a password. Anyone with your token can access and modify all resources your account has permission to.

API Rate Limits

API calls are metered per workspace per month. The limits depend on your plan:

Free

10,000

API calls / month

Pro

1,000,000

API calls / month

Usage is tracked per workspace. You can monitor your current usage in the workspace settings under the Billing tab.

Next: API Reference
AgentDocs v1.1.0 · 1814d7a