Overview
Calls
- •signup
- •getsalt
- •login
- cors•user/lookup
- cors•<user>/pgp_keys.asc
- •key/add
- •key/fetch
- •session/killall
- •sig/next_seqno
- •sig/post
- •sig/post_auth
- cors•merkle/root
- cors•merkle/block
Other details
Docs > The API >
Requests
URL format
All Keybase URL's look like this:
https://keybase.io/_/api/1.0/<command>.json
POST requests
You must include a csrf_token with all POST requests (except signup). You can send this token
either in your post data (as "csrf_token") or in your http headers (as "X-CSRF-Token"). In turn,
all requests reply with a csrf token. For example, this is how you'd perform a login. It requires
two API calls:
- GET /salt - request a salt for the given user's username (and get a csrf token)
- calculate a password hash in the client (a function of password & salt)
- POST /login - including the hash and csrf_token
Cookies
API requests which require a logged in user must provide a session cookie for the user.
