Documentation Index
Fetch the complete documentation index at: https://docs.shinzo.ai/llms.txt
Use this file to discover all available pages before exploring further.
Authentication
Authentication endpoints handle user account management, session tokens, and OAuth flows. Most endpoints in this group do not require authentication, as they are used to establish credentials.
Authentication Methods
| Method | Description |
|---|
| Email/Password | Register with email and password, verify email, then log in to receive a JWT token |
| Google OAuth | Sign in using a Google account |
| GitHub OAuth | Sign in using a GitHub account |
Endpoints
Account Management
| Method | Endpoint | Description |
|---|
POST | /auth/create_user | Register a new user account |
POST | /auth/login | Log in and receive a JWT token |
POST | /auth/verify_user | Verify email address |
POST | /auth/resend_verification | Resend verification email |
GET | /auth/fetch_user | Get current user profile |
GET | /auth/fetch_user_quota | Get usage quota and limits |
OAuth
| Method | Endpoint | Description |
|---|
GET | /auth/oauth/google | Get Google OAuth authorization URL |
POST | /auth/oauth/google/callback | Handle Google OAuth callback |
GET | /auth/oauth/github | Get GitHub OAuth authorization URL |
POST | /auth/oauth/github/callback | Handle GitHub OAuth callback |
OAuth Flow
OAuth authentication follows a two-step process:
- Get Authorization URL — Call the provider’s authorization endpoint to receive a redirect URL
- Handle Callback — After the user authorizes with the provider, send the authorization code to the callback endpoint to receive a JWT token
OAuth users don’t need to verify their email separately. If a user with the same email already exists (registered via email/password), the accounts are linked.
Token Lifecycle
- Register an account or sign in via OAuth
- Verify your email (email/password only)
- Log in to receive a JWT token
- Include the token in subsequent API requests via the
Authorization: Bearer <token> header
- Tokens expire after 24 hours — log in again to obtain a new one
For API key-based authentication (no expiry), see Platform API Keys.
