uniqOS API
Personality & Emotional Intelligence Engine + Relational Memory
Authentication
- HTTP: Bearer Auth
- API Key: adminTokenAuth
All developer-facing endpoints accept the same Authorization: Bearer <token> header. The auth layer inspects the token: tokens with a uniq_live_ or uniq_test_ prefix are validated as API keys; everything else is verified as a JWT. See SPEC-15 §5 and §6.

Portal (JWT) sessions are short-lived. An expired access token returns 401 with error code token_expired and a WWW-Authenticate: Bearer error="token_expired" header. The portal should then call POST /v1/auth/refresh (which reads the httpOnly uniqos_refresh cookie) to obtain a new access token and retry the request once. A structurally invalid token returns 401 with code invalid_token; the portal should re-authenticate.
| Security Scheme Type: | http |
|---|---|
| HTTP Authorization Scheme: | bearer |
| Bearer format: | Either a uniqOS API key (uniq_live_… for production, uniq_test_… for sandbox) or a JWT issued by the portal sign-in flow. |
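
The prefix dispatch and the refresh-then-retry-once flow described above, as an added JavaScript example that is not part of the uniqOS documentation or SDK. The function names, the fakeApi stand-in and the access_token field of the refresh response are assumptions; the endpoint, header, cookie and error code are the ones quoted above.

```javascript
// Added example (names are illustrative). Same rule as the auth layer: prefix => API key, else JWT.
function tokenKind(token) {
  return /^uniq_(live|test)_/.test(token) ? "api_key" : "jwt";
}

// Pull error="..." out of a `WWW-Authenticate: Bearer ...` challenge.
function bearerError(header) {
  const m = /^Bearer\s.*?\berror="([^"]*)"/i.exec(header || "");
  return m ? m[1] : null;
}

// `retried` enforces "retry once"; API keys have no refresh path (assumption: fail).
function nextAction(status, challenge, token, retried) {
  if (status !== 401) return "done";
  if (tokenKind(token) === "api_key") return "fail";
  const expired = bearerError(challenge) === "token_expired";
  return expired && !retried ? "refresh" : "reauthenticate";
}

// `send` is fetch-compatible; `session.token` is replaced after a refresh.
async function requestWithRefresh(send, path, session) {
  for (let retried = false; ; retried = true) {
    const res = await send(path, { headers: { Authorization: `Bearer ${session.token}` } });
    const challenge = res.headers.get("WWW-Authenticate");
    const action = nextAction(res.status, challenge, session.token, retried);
    if (action !== "refresh") return { action, status: res.status };
    // The browser sends the httpOnly uniqos_refresh cookie; script never reads it.
    const r = await send("/v1/auth/refresh", { method: "POST", credentials: "include" });
    if (!r.ok) return { action: "reauthenticate", status: r.status };
    session.token = (await r.json()).access_token; // assumed field name
  }
}

// Constructed stand-in for the API so the flow runs offline.
function fakeApi(fresh) {
  const calls = [];
  const reply = (status, challenge, body) => ({
    status, ok: status < 400, headers: { get: () => challenge }, json: async () => body,
  });
  const send = async (path, init) => {
    calls.push(path);
    if (path === "/v1/auth/refresh") return reply(200, null, { access_token: fresh });
    const token = init.headers.Authorization.slice("Bearer ".length);
    if (token === fresh) return reply(200, null, {});
    const expired = token === "expired.jwt.value";
    return reply(401, expired ? 'Bearer error="token_expired"' : null, {});
  };
  return { send, calls };
}
```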
adminTokenAuth is a temporary admin gate for /v1/admin/* endpoints. It will be replaced by RBAC once the backoffice ships, so do not build long-term SDK flows on top of this scheme.
| Security Scheme Type: | apiKey |
|---|---|
| Header parameter name: | X-Uniqos-Admin-Token |