Documentation

How sessions work

There are two distinct tokens — don't mix them up:

  • App-session token — returned by /init as session. Send it as Authorization: Bearer <token>on every other client call. Valid ~1 hour; re-init when it expires.
  • User session id — a UUID returned by /register, /login and /license in the session field. Pass it in the body of /check, /var and /file to prove the user is still logged in.