
API authentication

The dough API uses JWT-based authentication. All API requests must include a valid token in the Authorization header.

Obtaining a token

Authenticate with your dough credentials to receive a JWT:

POST /api/auth/login
Content-Type: application/json

{
  "email": "[email protected]",
  "password": "your-password"
}

The response includes a JWT valid for 7 days:

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "expires_at": "2025-03-22T14:30:00Z"
}

Using the token

Include the token in the Authorization header of every request:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Token refresh

Tokens are refreshed automatically on each authenticated request. The refreshed token is returned in the response headers.

Rate limiting

The API enforces rate limits per authenticated user. If you exceed the limit, you will receive a 429 Too Many Requests response with a Retry-After header.
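
A client-side sketch of the token refresh and rate limiting behaviour described above. This is an added example, not code from dough. It assumes the refreshed token arrives in a header named X-Refreshed-Token (a placeholder, since the page does not name the header) and uses a hypothetical injected `send` transport so it runs offline.

```python
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# ASSUMPTION: placeholder name; the page does not name the refresh header.
REFRESH_HEADER = "X-Refreshed-Token"

def retry_after_seconds(value, now=None, cap=60.0):
    """Turn Retry-After (delta-seconds or HTTP-date) into a bounded wait."""
    now = now or datetime.now(timezone.utc)
    try:
        wait = float(value)
    except (TypeError, ValueError):
        try:
            wait = (parsedate_to_datetime(value) - now).total_seconds()
        except (TypeError, ValueError):
            wait = 1.0  # header missing or malformed: short default
    return min(wait, cap) if wait > 0 else 0.0  # NaN and negatives become 0

class DoughSession:
    """Holds the bearer token. `send(method, path, headers)` is an injected
    transport (hypothetical) returning (status, headers_dict, body)."""

    def __init__(self, token, send, sleep=time.sleep, max_retries=3):
        self.token, self._send = token, send
        self._sleep, self._max_retries = sleep, max_retries

    def request(self, method, path):
        for attempt in range(self._max_retries + 1):
            status, headers, body = self._send(
                method, path, {"Authorization": f"Bearer {self.token}"})
            headers = {k.lower(): v for k, v in headers.items()}
            # Adopt a rotated token only from a successful response.
            rotated = headers.get(REFRESH_HEADER.lower())
            if status < 400 and rotated:
                self.token = rotated
            if status != 429 or attempt == self._max_retries:
                return status, body
            self._sleep(retry_after_seconds(headers.get("retry-after")))

if __name__ == "__main__":
    # Constructed responses and path: one 429, then a 200 with a rotated token.
    replies = iter([(429, {"Retry-After": "2"}, ""),
                    (200, {REFRESH_HEADER: "tok-2"}, "ok")])
    s = DoughSession("tok-1", lambda m, p, h: next(replies), sleep=lambda t: None)
    print(s.request("GET", "/example"), s.token)
```

The wait is capped so that a very large Retry-After value cannot stall the caller indefinitely, and the token is held in memory only and never printed or logged by the session itself.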