Authentication
All API requests (except login) require a JWT Bearer token.
Login
POST /api/auth/login
Body:
{
"username": "admin",
"password": "{{password}}"
}
Response:
{
"token": "eyJhbGciOiJIUzUxMiJ9...",
"type": "Bearer",
"id": 1,
"username": "admin",
"email": "admin@proofarc.ai",
"roles": ["ADMIN", "ANALYST", "VIEWER"]
}
Using the Token
Include the token in the Authorization header for all subsequent requests:
Authorization: Bearer eyJhbGciOiJIUzUxMiJ9...
Roles
| Role | Permissions |
|---|---|
ADMIN | Full access: users, templates, scripts, settings |
ANALYST | Create/run tests, scans, scenarios. View results |
VIEWER | Read-only access to results and dashboards |
Token Lifetime
Tokens expire after 30 days by default. When a token expires, call the login endpoint again to get a new one.
Shell Helper
# Save token for reuse
export CSS_URL="https://app.proofarc.ai"
export CSS_TOKEN=$(curl -s $CSS_URL/api/auth/login -X POST \
-H "Content-Type: application/json" \
-d '{"username":"admin","password":"{{password}}"}' | jq -r '.token')
# Use in requests
curl -H "Authorization: Bearer $CSS_TOKEN" $CSS_URL/api/projects