Skip to main content

Authentication

All API requests (except login) require a JWT Bearer token.

Login

POST /api/auth/login

Body:

{
"username": "admin",
"password": "{{password}}"
}

Response:

{
"token": "eyJhbGciOiJIUzUxMiJ9...",
"type": "Bearer",
"id": 1,
"username": "admin",
"email": "admin@proofarc.ai",
"roles": ["ADMIN", "ANALYST", "VIEWER"]
}

Using the Token

Include the token in the Authorization header for all subsequent requests:

Authorization: Bearer eyJhbGciOiJIUzUxMiJ9...

Roles

RolePermissions
ADMINFull access: users, templates, scripts, settings
ANALYSTCreate/run tests, scans, scenarios. View results
VIEWERRead-only access to results and dashboards

Token Lifetime

Tokens expire after 30 days by default. When a token expires, call the login endpoint again to get a new one.

Shell Helper

# Save token for reuse
export CSS_URL="https://app.proofarc.ai"
export CSS_TOKEN=$(curl -s $CSS_URL/api/auth/login -X POST \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"{{password}}"}' | jq -r '.token')

# Use in requests
curl -H "Authorization: Bearer $CSS_TOKEN" $CSS_URL/api/projects