Quickstart

This walks through the shortest path from nothing to a working session: create a tenant, sign a user in, and call an authenticated endpoint. Every step is a plain HTTP request.

1. Create a tenant

A tenant is your workspace. Creating one also creates its first admin user and returns a session for them.

curl -X POST https://api.limen.eu/v1/tenants \
  -H "content-type: application/json" \
  -d '{
    "name": "Acme",
    "email": "you@acme.eu",
    "password": "a-strong-password"
  }'

The response includes the tenant slug (derived from the name), the admin user, and a session:

{
  "tenant": { "slug": "acme", "name": "Acme" },
  "user": { "id": "...", "email": "you@acme.eu", "role": "Admin" },
  "accessToken": "eyJhbGciOiJIUzI1Ni␣...",
  "refreshToken": "...",
  "accessTokenExpiresIn": 900,
  "refreshTokenExpiresIn": 2592000
}
Prefer the console?

You can do the same thing in the Console — it creates the tenant and drops you into the dashboard.

2. Sign a user in

Once a tenant exists, authenticate a user against its slug:

curl -X POST https://api.limen.eu/v1/acme/auth/login \
  -H "content-type: application/json" \
  -d '{ "email": "you@acme.eu", "password": "a-strong-password" }'

You get back the same session shape — an accessToken (valid 15 minutes) and a refreshToken (valid 30 days).

MFA

If the tenant requires MFA, login responds 401 with details.reason = "mfa_required". Resend the request with a totpCode or emailOtpCode. See Multi-factor auth.

3. Make an authenticated request

Send the access token as a bearer credential:

curl https://api.limen.eu/v1/acme/me \
  -H "Authorization: Bearer <accessToken>"
{
  "id": "...",
  "email": "you@acme.eu",
  "role": "Admin",
  "tenant": { "slug": "acme", "name": "Acme" }
}

That's a full round trip. From here: