Authentication

The Forte Platforms API uses cookie-based session authentication with Google OAuth.

Overview

All API requests require authentication via session cookies. The API does not support API keys or tokens at this time.

Session Expiry

Sessions expire after 7 days of inactivity. You'll need to re-authenticate after this period.

Authentication Flow

  1. User initiates login via Google OAuth
  2. Backend validates OAuth token
  3. Server sets httpOnly session cookie
  4. All subsequent requests include cookie automatically

API Endpoints

POST /api/accounts/google-auth-login-callback

Exchange Google OAuth token for session cookie.

Request Body:

{
  "credential": "google_oauth_token",
  "csrfToken": "csrf_token_from_state"
}

Response:

{
  "id": "acc_123",
  "email": "user@example.com",
  "name": "John Doe"
}

GET /api/accounts/me

Get current authenticated user.

Response:

{
  "id": "acc_123",
  "email": "user@example.com",
  "name": "John Doe",
  "createdAt": "2024-01-15T10:30:00Z"
}

POST /api/accounts/logout

Log out and clear session cookie.

Using the API Client

import { ForteApi } from '@/services/ForteApi'

// API client is automatically configured
const account = await ForteApi.accountsApi.getAccount1()

Error Handling

All authentication errors return 401 Unauthorized:

{
  "error": "UNAUTHORIZED",
  "message": "You must be logged in to access this resource"
}
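
The flow and the 401 response described above, as an added example that is not Forte's own client code: a small fetch wrapper that sends the session cookie, calls the three endpoints, and turns a 401 into a single error type the UI can use to restart login. The names AuthRequiredError, createSessionClient and makeStubFetch are hypothetical, and the in-memory stub backend is constructed so the block runs offline.

```javascript
// Added example: AuthRequiredError, createSessionClient and makeStubFetch are hypothetical names.
class AuthRequiredError extends Error {}

// fetchImpl is injectable so the client can be exercised without a network.
function createSessionClient(baseUrl, fetchImpl = globalThis.fetch) {
  async function request(method, path, body) {
    const res = await fetchImpl(baseUrl + path, {
      method,
      credentials: 'include', // send the httpOnly session cookie, also cross-origin
      headers: body ? { 'Content-Type': 'application/json' } : {},
      body: body ? JSON.stringify(body) : undefined,
    });
    const text = await res.text();
    let data = null;
    try { data = text ? JSON.parse(text) : null; } catch { /* non-JSON body */ }
    if (res.status === 401) {
      // No session or session expired: one error type lets the UI restart login.
      throw new AuthRequiredError(data?.message ?? 'UNAUTHORIZED');
    }
    if (!res.ok) throw new Error(`HTTP ${res.status}`);
    return data;
  }
  return {
    login: (credential, csrfToken) =>
      request('POST', '/api/accounts/google-auth-login-callback', { credential, csrfToken }),
    me: () => request('GET', '/api/accounts/me'),
    logout: () => request('POST', '/api/accounts/logout'),
  };
}

// Constructed in-memory stand-in for the backend; it tracks one session flag.
function makeStubFetch() {
  let loggedIn = false;
  const reply = (status, obj) => ({
    status,
    ok: status >= 200 && status < 300,
    text: async () => (obj ? JSON.stringify(obj) : ''),
  });
  const user = { id: 'acc_123', email: 'user@example.com', name: 'John Doe' };
  return async (url) => {
    const path = new URL(url).pathname;
    if (path === '/api/accounts/google-auth-login-callback') { loggedIn = true; return reply(200, user); }
    if (!loggedIn) {
      return reply(401, { error: 'UNAUTHORIZED', message: 'You must be logged in to access this resource' });
    }
    if (path === '/api/accounts/logout') { loggedIn = false; return reply(200, null); }
    return reply(200, user);
  };
}
```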