Authentication
Freeq supports two authentication paths: exchanging a project API key for an access token, or using the Auth0 sign-in flow. All protected endpoints require a Bearer token in the Authorization header.
Two paths:
- Auth0 flow — authenticate a user, receive an access token.
- API key sign‑in — exchange a project API key for an API token.
Sign in with API key
POST /api/v1/signin
Request
{ "key": "YOUR_API_KEY" }
Response (200)
{
"token": "string",
"walletId": 0,
"walletAddress": "string",
"emailAddress": "string",
"name": "string",
"versions": [ { "name": "string", "value": "string" } ]
}
cURL
curl -s -X POST "$FREEQ_API_URL/api/v1/signin" \
-H "Content-Type: application/json" \
-d '{"key":"'$FREEQ_PROJECT_KEY'"}'
JavaScript (fetch)
const base = process.env.FREEQ_API_URL || 'https://api.testnet.superfreeq.com';
const res = await fetch(`${base}/api/v1/signin`, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ key: process.env.FREEQ_PROJECT_KEY || 'YOUR_PROJECT_KEY' }),
});
const data = await res.json();
const token = data.token;
JWT authentication required
All protected endpoints require a valid JWT bearer token issued by Freeq.
Send the token in every request:
Authorization: Bearer YOUR_JWT_TOKEN
If the token is missing or invalid, the API returns:
401 Unauthorized— token is missing/invalid/expired403 Forbidden— token valid but lacks required project/org permissions
Third‑party auth callback
POST /api/v1/thirdparty-auth
Request
{ "userId": "string" }
cURL
curl -s -X POST "$FREEQ_API_URL/api/v1/thirdparty-auth" \
-H "Authorization: Bearer $FREEQ_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{"userId":"abc-123"}'