Sessions

Cookie-based

A successful login to Keybase will set a session cookie. This needs to be passed to all API's.

Client-Generated Auth Token

An alternative scheme is for the client to generate an Auth-Token. See `sig/post_auth` for more information on how to generate such a token. Once generated, the client should include the header:

X-Keybase-Auth-Token: uid,auth_token

Both the uid and auth_token fields should be given in hexidecimal representation. This validation will work as long as the auth_token isn't expired or the key that signed it isn't revoked.