Overview
Calls
- •signup
- •getsalt
- •login
- cors•user/lookup
- cors•<user>/pgp_keys.asc
- •key/add
- •key/fetch
- •session/killall
- •sig/next_seqno
- •sig/post
- •sig/post_auth
- cors•merkle/root
- cors•merkle/block
Other details
Docs > The API >
Sessions
Cookie-based
A successful login to Keybase will set a session cookie. This needs
to be passed to all API's.
Client-Generated Auth Token
An alternative scheme is for the client to generate an Auth-Token. See `sig/post_auth` for more information on how to generate such a token. Once generated, the client should include the header:
X-Keybase-Auth-Token: uid,auth_token
Both the uid and auth_token fields should be given in hexadecimal representation. This validation will work as long as the auth_token isn't expired or the key that signed it isn't revoked.
