D

Authentication

Authentication

Dokki API supports browser sessions, Supabase bearer tokens, and Dokki API keys. Server-to-server integrations should use an API key created by an administrator.

Send a bearer token

curl https://dokki.one/api/v1/me \
  -H "Authorization: Bearer $DOKKI_API_KEY"

Never put a key in a browser bundle, public repository, URL query string, or client-side logs.

Verify the principal

GET /api/v1/me returns:

  • type: authentication mode.

  • user_id: the Dokki user acting on the request.

  • org_id: the API key tenant, or null for Personal scope.

  • key_id: the key identifier when using an API key.

  • scopes: effective API capabilities.

Authentication failures

  • 401 unauthorized: missing, invalid, expired, or revoked credentials.

  • 403 insufficient_scope: the credential is valid but lacks the endpoint scope.

  • 403 forbidden: the credential scope is valid but tenant or object permission denies access.

AI-agent guidance

Do not ask users to paste secrets into a chat. Ask them to create or authorize a key in Dokki, then store it in the host application's secret manager.