> ## Documentation Index
> Fetch the complete documentation index at: https://bobprince.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your API requests

All Hookdrop API requests must include a valid Bearer token in the `Authorization` header.

**Base URL:** `https://hookdrop.dev/api`

<Warning>
  Never share your access token. Treat it like a password — anyone who has it can make requests on your behalf.
</Warning>

## Register

Create a new Hookdrop account. You can also sign up at [hookdrop.dev/auth/register](https://hookdrop.dev/auth/register).

```bash theme={null}
curl -X POST https://hookdrop.dev/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "name": "Your Name", "password": "yourpassword"}'
```

**Request body**

<ParamField body="email" type="string" required>
  Your email address. Must be unique — returns `409` if already registered.
</ParamField>

<ParamField body="name" type="string" required>
  Your display name.
</ParamField>

<ParamField body="password" type="string" required>
  Your chosen password.
</ParamField>

**Response** — `201 Created`

```json theme={null}
{
  "user": {
    "id": "3f6e2a91-bd14-4c3a-9c71-8e2d1f0a4b56",
    "email": "you@example.com",
    "name": "Your Name",
    "plan": "free"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

***

## Login

Exchange your email and password for an access token and a refresh token.

```bash theme={null}
curl -X POST https://hookdrop.dev/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "password": "yourpassword"}'
```

**Request body**

<ParamField body="email" type="string" required>
  The email address associated with your Hookdrop account.
</ParamField>

<ParamField body="password" type="string" required>
  Your account password.
</ParamField>

**Response**

```json theme={null}
{
  "user": {
    "id": "3f6e2a91-bd14-4c3a-9c71-8e2d1f0a4b56",
    "email": "you@example.com",
    "name": "Ada Lovelace",
    "plan": "free"
  },
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

<ResponseField name="user" type="object" required>
  The authenticated user.

  <Expandable title="properties">
    <ResponseField name="id" type="string">
      Unique identifier for the user.
    </ResponseField>

    <ResponseField name="email" type="string">
      The user's email address.
    </ResponseField>

    <ResponseField name="name" type="string">
      The user's display name.
    </ResponseField>

    <ResponseField name="plan" type="string">
      The user's current plan (`free`, `starter`, `pro`, `team`).
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="accessToken" type="string" required>
  A JWT used to authenticate API requests. Expires after **15 minutes**.
</ResponseField>

<ResponseField name="refreshToken" type="string" required>
  A long-lived token used to obtain a new access token. Expires after 30 days.
</ResponseField>

## Refresh your token

Access tokens expire after 15 minutes. Use your refresh token to get a new access token without logging in again.

```bash theme={null}
curl -X POST https://hookdrop.dev/api/auth/refresh \
  -H "Content-Type: application/json" \
  -d '{"refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."}'
```

**Request body**

<ParamField body="refreshToken" type="string" required>
  The refresh token you received when you logged in.
</ParamField>

**Response**

```json theme={null}
{
  "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
```

<ResponseField name="accessToken" type="string" required>
  A new JWT access token. Valid for 15 minutes.
</ResponseField>

## Use the token

Pass your access token in the `Authorization` header on every API request.

```bash theme={null}
curl https://hookdrop.dev/api/endpoints \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
```
