
Authentication

The Blind Insight API supports three authentication methods. Choose based on your use case.

Method               Best for
Basic Auth           Quick scripts, local testing
JWT Bearer tokens    Production applications, SDKs
Cookie / Session     Browser-based access

Every request to an authenticated endpoint must carry credentials. Apart from GET /api/status/ and the login, registration and password-reset endpoints described below, no endpoint is public.

Basic Authentication

Send your email and password in an Authorization: Basic header, that is, the string email:password Base64-encoded. curl and requests build the header for you.

curl:

curl https://api.app.blindinsight.io/api/users/self/ \
  -u "your@email.com:yourpassword"

Python:

import requests

# requests builds the Authorization: Basic header from the (email, password) tuple
response = requests.get(
    "https://api.app.blindinsight.io/api/users/self/",
    auth=("your@email.com", "yourpassword"),
)

HTTP:

GET /api/users/self/ HTTP/2
Host: api.app.blindinsight.io
Authorization: Basic <base64("your@email.com:yourpassword")>

Basic Auth transmits your actual password on every request, so the client must hold it in memory for as long as it runs and a leaked request log exposes it directly. Use JWT tokens for production.

JWT Authentication

JWT tokens are the recommended method for production applications. Post your credentials once to obtain an access/refresh token pair, then send the access token in an Authorization: Bearer header on each request.

Obtain tokens

Request:

POST /api/token/ HTTP/2
Host: api.app.blindinsight.io
Content-Type: application/json

{
  "email": "your@email.com",
  "password": "yourpassword"
}

Response:

{
  "access": "eyJ0eXAiOiJKV1Q...",
  "refresh": "eyJ0eXAiOiJKV1Q..."
}

Use the access token

curl:

curl https://api.app.blindinsight.io/api/users/self/ \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1Q..."

Python:

import requests

token = "eyJ0eXAiOiJKV1Q..."  # the "access" value returned by POST /api/token/

response = requests.get(
    "https://api.app.blindinsight.io/api/users/self/",
    headers={"Authorization": f"Bearer {token}"},
)

Refresh the access token

Access tokens are short-lived. When one expires, post the refresh token to obtain a new access token without sending your password again. The response carries only a new access token; the refresh token is not rotated by this call. Because a refresh token can mint access tokens for as long as it remains valid, store it as carefully as a password and keep it out of logs and client-side code.

Request:

POST /api/token/refresh/ HTTP/2
Content-Type: application/json

{"refresh": "eyJ0eXAiOiJKV1Q..."}

Response:

{ "access": "eyJ0eXAiOiJKV1Q..." }

Verify a token

Check whether a token is valid and not expired.

POST /api/token/verify/ HTTP/2
Content-Type: application/json

{"token": "eyJ0eXAiOiJKV1Q..."}

Returns 200 OK if valid, 401 Unauthorized if expired or invalid.
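The obtain, use and refresh calls above compose into one client loop. The following is an added example, not Blind Insight's SDK and not code from this page: a Python client that logs in with POST /api/token/, reads the exp claim of the access token locally to refresh it shortly before expiry, retries once on a 401, and falls back to a password login when POST /api/token/refresh/ rejects the refresh token. It assumes only the endpoints, request bodies and response shapes documented above; REFRESH_MARGIN, the FakeAPI stand-in (unsigned JWT-shaped tokens, 60 s access and 1 h refresh lifetimes, its own clock) and the test credentials are constructed for the example so it runs offline. In production, pass a requests.Session() as the transport instead of FakeAPI.

```python
"""Client for the Blind Insight JWT flow: logs in via POST /api/token/, sends the access
token as a Bearer header, refreshes it shortly before 'exp', retries once on 401 and
falls back to a password login if the refresh token is rejected. The transport is any
object with requests.Session's post()/get(); FakeAPI is a constructed offline stand-in."""
import base64
import json
import time
from types import SimpleNamespace

BASE_URL = "https://api.app.blindinsight.io"
REFRESH_MARGIN = 30  # refresh this many seconds before 'exp' (our choice, not an API parameter)


def jwt_exp(token):
    """'exp' claim of a JWT, read WITHOUT verifying the signature: it only schedules refreshes."""
    try:
        payload = token.split(".")[1]
        return int(json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))["exp"])
    except (IndexError, KeyError, TypeError, ValueError):
        return None


class BlindInsightClient:
    def __init__(self, email, password, http, base_url=BASE_URL, now=time.time):
        self._email, self._password, self._http = email, password, http  # http: requests.Session() in production
        self._base, self._now = base_url, now
        self._access = self._refresh = None

    def login(self):
        r = self._http.post(f"{self._base}/api/token/", json={"email": self._email, "password": self._password})
        if r.status_code != 200:
            raise PermissionError(f"POST /api/token/ returned {r.status_code}")
        body = r.json()
        self._access, self._refresh = body["access"], body["refresh"]

    def refresh(self):
        """Trade the refresh token for a new access token; fall back to login if it is rejected."""
        if self._refresh is not None:
            r = self._http.post(f"{self._base}/api/token/refresh/", json={"refresh": self._refresh})
            if r.status_code == 200:
                self._access = r.json()["access"]
                return
        self.login()

    def get(self, path):
        if self._access is None:
            self.login()
        elif (exp := jwt_exp(self._access)) is not None and exp - self._now() < REFRESH_MARGIN:
            self.refresh()  # proactive: never send a token that is about to expire
        r = self._http.get(f"{self._base}{path}", headers={"Authorization": f"Bearer {self._access}"})
        if r.status_code == 401:  # server disagrees (clock skew, revocation): refresh once, retry once
            self.refresh()
            r = self._http.get(f"{self._base}{path}", headers={"Authorization": f"Bearer {self._access}"})
        return r


def fake_response(status_code, body=None):  # mimics the two requests.Response members the client uses
    return SimpleNamespace(status_code=status_code, json=lambda: body or {})


class FakeAPI:
    """Constructed stand-in: unsigned JWT-shaped tokens (60 s access, 1 h refresh) on its own clock."""
    def __init__(self, t=1_700_000_000.0, email="user@example.com", password="correct horse battery"):
        self.t, self.creds, self.issued, self.calls, self.serial = t, (email, password), set(), [], 0

    def _token(self, ttl):
        self.serial += 1  # distinct 'jti' so two tokens with the same 'exp' never collide
        head = base64.urlsafe_b64encode(b'{"alg":"none"}').rstrip(b"=").decode()
        claims = base64.urlsafe_b64encode(json.dumps({"exp": int(self.t + ttl), "jti": self.serial}).encode())
        tok = f"{head}.{claims.rstrip(b'=').decode()}."
        self.issued.add(tok)
        return tok

    def _valid(self, tok):  # only unexpired tokens this server issued (and has not dropped) are accepted
        exp = jwt_exp(tok or "")
        return tok in self.issued and exp is not None and exp > self.t

    def post(self, url, json=None):
        self.calls.append(("POST", url[len(BASE_URL):]))
        body = json or {}
        if url.endswith("/api/token/") and (body.get("email"), body.get("password")) == self.creds:
            return fake_response(200, {"access": self._token(60), "refresh": self._token(3600)})
        if url.endswith("/api/token/refresh/") and self._valid(body.get("refresh")):
            return fake_response(200, {"access": self._token(60)})
        return fake_response(401)

    def get(self, url, headers=None):
        self.calls.append(("GET", url[len(BASE_URL):]))
        auth = (headers or {}).get("Authorization", "")
        ok = auth.startswith("Bearer ") and self._valid(auth[len("Bearer "):])
        return fake_response(200, {"email": self.creds[0]}) if ok else fake_response(401)


def demo():
    api = FakeAPI()
    client = BlindInsightClient("user@example.com", "correct horse battery", http=api, now=lambda: api.t)
    statuses = [client.get("/api/users/self/").status_code]     # first call logs in with the password
    api.t += 45                                                  # only 15 s left on the access token
    statuses.append(client.get("/api/users/self/").status_code)  # refreshed before the request went out
    api.issued.clear()                                           # e.g. key rotation: client's tokens now rejected
    statuses.append(client.get("/api/users/self/").status_code)  # 401 -> refresh rejected -> re-login -> retry
    return statuses, [path for method, path in api.calls if method == "POST"]
```

demo() drives the three interesting paths: the first request triggers a password login, the second is preceded by a proactive refresh because the access token is inside REFRESH_MARGIN, and the third hits a 401 after the fake server drops every token, at which point the refresh is rejected and the client re-authenticates before retrying. Reading exp locally plus handling 401 gives the same result as calling POST /api/token/verify/ before every request, without doubling the round trips; verify is still useful when you hold a token of unknown provenance and want the server's verdict before using it.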

Session Authentication

Browser-based clients can authenticate using a session cookie. Log in to obtain a sessionid cookie, then include it on subsequent requests.

Login

POST /api/accounts/login/ HTTP/2
Content-Type: application/json

{
  "email": "your@email.com",
  "password": "yourpassword"
}

On success, the response sets a sessionid cookie. Include it on subsequent requests:

GET /api/datasets/ HTTP/2
Cookie: sessionid=<session_id>

Logout

POST /api/accounts/logout/ HTTP/2
Cookie: sessionid=<session_id>

Account Management

Register a new account

POST /api/accounts/register/ HTTP/2
Content-Type: application/json

{
  "email": "your@email.com",
  "password": "yourpassword"
}

After registering, verify your email:

POST /api/accounts/verify-registration/ HTTP/2
Content-Type: application/json

{"key": "<verification_key_from_email>"}

Change password

POST /api/accounts/change-password/ HTTP/2
Authorization: Bearer <token>
Content-Type: application/json

{
  "old_password": "currentpassword",
  "new_password": "newpassword"
}

Reset a forgotten password

First, request a reset link:

POST /api/accounts/send-reset-password-link/ HTTP/2
Content-Type: application/json

{"email": "your@email.com"}

Then submit the token from the email:

POST /api/accounts/reset-password/ HTTP/2
Content-Type: application/json

{
  "token": "<token_from_email>",
  "password": "newpassword"
}

CSRF Token

Browser clients that authenticate with the sessionid cookie must also send a CSRF token on state-changing requests (POST, PUT, PATCH, DELETE): the cookie alone does not prove the request came from your page, because the browser attaches it to cross-site requests as well. Fetch a token before making such requests:

GET /api/csrf/ HTTP/2

Include the returned token in an X-CSRFToken header on each state-changing request.

Next Steps