Quickstart
This walks through the shortest path from nothing to a working session: create a tenant, sign a user in, and call an authenticated endpoint. Every step is a plain HTTP request.
1. Create a tenant
A tenant is your workspace. Creating one also creates its first admin user and returns a session for them.
curl -X POST https://api.limen.eu/v1/tenants \
-H "content-type: application/json" \
-d '{
"name": "Acme",
"email": "you@acme.eu",
"password": "a-strong-password"
}'
The response includes the tenant slug (derived from the name), the admin
user, and a session:
{
"tenant": { "slug": "acme", "name": "Acme" },
"user": { "id": "...", "email": "you@acme.eu", "role": "Admin" },
"accessToken": "eyJhbGciOiJIUzI1Ni␣...",
"refreshToken": "...",
"accessTokenExpiresIn": 900,
"refreshTokenExpiresIn": 2592000
}
You can do the same thing in the Console — it creates the tenant and drops you into the dashboard.
2. Sign a user in
Once a tenant exists, authenticate a user against its slug:
curl -X POST https://api.limen.eu/v1/acme/auth/login \
-H "content-type: application/json" \
-d '{ "email": "you@acme.eu", "password": "a-strong-password" }'
You get back the same session shape — an accessToken (valid 15 minutes) and a
refreshToken (valid 30 days).
If the tenant requires MFA, login responds 401 with
details.reason = "mfa_required". Resend the request with a totpCode or
emailOtpCode. See Multi-factor auth.
3. Make an authenticated request
Send the access token as a bearer credential:
curl https://api.limen.eu/v1/acme/me \
-H "Authorization: Bearer <accessToken>"
{
"id": "...",
"email": "you@acme.eu",
"role": "Admin",
"tenant": { "slug": "acme", "name": "Acme" }
}
That's a full round trip. From here:
- Keep the session alive by refreshing tokens.
- Issue API keys for server-to-server calls.
- Read the API reference for every endpoint.