
Endpoint

POST /api/auth/login

Authentication

No authentication required. Provide the master password to receive a session token.

Request Body

password (string, required): The master password configured during setup

Response

token (string, required): Session token to use for authenticated requests. Starts with the fn_sess_ prefix.
expires_at (string, required): ISO 8601 timestamp indicating when the session expires

Error Responses

error (string): Error message when authentication fails
retry_after_seconds (number): Number of seconds to wait before retrying (returned when rate limited)

Status Codes

  • 200 OK - Authentication successful
  • 401 Unauthorized - Invalid password
  • 429 Too Many Requests - Rate limit exceeded after multiple failed attempts
  • 500 Internal Server Error - Server error during authentication

Rate Limiting

Fishnet implements progressive rate limiting to prevent brute-force attacks:
  • Failed login attempts trigger progressive delays
  • After multiple failures, requests are blocked with 429 status
  • The retry_after_seconds field indicates how long to wait
  • Successful login resets the rate limiter

Examples

curl -X POST http://localhost:3742/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"password": "my-secure-password"}'

Using the Session Token

After successful login, include the token in the Authorization header for protected endpoints:

curl http://localhost:3742/api/status \
  -H "Authorization: Bearer fn_sess_..."
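
Client-side handling of the login flow and rate limiting described above, added here as an example (not Fishnet's own code): it waits out a 429 using retry_after_seconds and stops on a 401 instead of retrying. The function names, the max_waits and max_wait_s caps, and the 1-second fallback when retry_after_seconds is absent are assumptions; the URL is taken from the curl example.

```python
import json
import time
import urllib.error
import urllib.request

LOGIN_URL = "http://localhost:3742/api/auth/login"  # host/port from the curl example


def http_post_json(url, payload):
    """Default transport: POST JSON, return (status, parsed JSON body)."""
    req = urllib.request.Request(
        url, data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 401/429/500 arrive here
        try:
            return err.code, json.loads(err.read())
        except ValueError:  # body was empty or not JSON
            return err.code, {}


def login(password, post=http_post_json, sleep=time.sleep, max_waits=3, max_wait_s=300):
    """Return (token, expires_at); wait out 429s, never retry a 401."""
    for _ in range(max_waits + 1):
        status, body = post(LOGIN_URL, {"password": password})
        if status == 200:
            token = body["token"]
            if not token.startswith("fn_sess_"):
                raise ValueError("token does not carry the fn_sess_ prefix")
            return token, body["expires_at"]
        if status == 401:
            # A wrong password will not become right; retrying only feeds the limiter.
            raise PermissionError(body.get("error", "invalid password"))
        if status != 429:
            raise RuntimeError(f"login failed with HTTP {status}")
        wait = body.get("retry_after_seconds", 1)  # fallback of 1s is an assumption
        if wait > max_wait_s:
            raise TimeoutError(f"rate limited for {wait}s, giving up")
        sleep(wait)
    raise TimeoutError("still rate limited after waiting")


def auth_header(token):
    """Authorization header for protected endpoints such as /api/status."""
    return {"Authorization": f"Bearer {token}"}
```

The post and sleep parameters exist so the flow can be exercised against a stub transport without a running server.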
