## Login

Authenticate with your username and password to obtain an access token.

Access tokens are required for most API endpoints. Include the token in the `Authorization` header as a Bearer token.

### Endpoint

### Request Body

### Response

- Bearer token for authentication
- User information
  - User role (admin or user)
  - Whether user has admin privileges
  - Array of team objects the user belongs to

### Example Request
```bash curl
curl -X POST https://your-umami-instance.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "username": "admin",
    "password": "your-password"
  }'
```
### Example Response

```json
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "user": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "username": "admin",
    "role": "admin",
    "createdAt": "2024-01-15T10:30:00.000Z",
    "isAdmin": true,
    "teams": [
      {
        "id": "660e8400-e29b-41d4-a716-446655440001",
        "name": "Engineering",
        "role": "team-manager"
      }
    ]
  }
}
```
## Verify Token

Verify whether a token is still valid.

### Endpoint

POST /api/auth/verify

### Headers
<ParamField header="Authorization" type="string" required>
Bearer token obtained from login
</ParamField>
### Example Request
```bash curl
curl -X POST https://your-umami-instance.com/api/auth/verify \
  -H "Authorization: Bearer YOUR_TOKEN"
```

### Example Response

```json
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "username": "admin",
  "role": "admin",
  "teams": [
    {
      "id": "660e8400-e29b-41d4-a716-446655440001",
      "name": "Engineering"
    }
  ]
}
```
## Using the Token

Include the token in the `Authorization` header for all authenticated requests:

```bash curl
curl https://your-umami-instance.com/api/websites \
  -H "Authorization: Bearer YOUR_TOKEN"
```

Store tokens securely and never expose them in client-side code or public repositories.

## Logout

Invalidate the current authentication token.

### Endpoint

Bearer token to invalidate

### Example Request

```bash curl
curl -X POST https://your-umami-instance.com/api/auth/logout \
  -H "Authorization: Bearer YOUR_TOKEN"
```
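
The login, verify and logout calls documented on this page, combined with the storage advice under "Using the Token", as an added example (not code from the Umami project). The class name `UmamiSession`, the environment variables `UMAMI_URL` and `UMAMI_USER`, and the token path `~/.umami_token` are assumptions made for illustration; the logout response body is not documented above, so it is not parsed.

```python
import json, os, stat, urllib.request

class UmamiSession:
    """Token lifecycle: login -> verify -> logout, with the token kept in an owner-only file."""
    def __init__(self, base_url, token_path):
        self.base_url = base_url.rstrip("/")
        self.token_path = token_path  # assumed location, chosen by the caller

    def _call(self, method, path, body=None, token=None):
        headers = {"Content-Type": "application/json"}
        if token:
            headers["Authorization"] = f"Bearer {token}"
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(self.base_url + path, data=data, headers=headers, method=method)
        with urllib.request.urlopen(req, timeout=10) as resp:
            raw = resp.read()
        try:
            return json.loads(raw)
        except ValueError:
            return None  # body is empty or not JSON

    def login(self, username, password):
        token = self._call("POST", "/api/auth/login", {"username": username, "password": password})["token"]
        # Mode 0600 applies at creation; fchmod also tightens a file that already existed.
        fd = os.open(self.token_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        os.fchmod(fd, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(token)
        return token

    def load_token(self):
        mode = stat.S_IMODE(os.stat(self.token_path).st_mode)
        if mode & 0o077:  # any group/other permission bit means another local user could read it
            raise PermissionError(f"{self.token_path} has mode {oct(mode)}, expected 0o600")
        with open(self.token_path) as f:
            return f.read().strip()

    def verify(self):
        return self._call("POST", "/api/auth/verify", token=self.load_token())

    def logout(self):
        try:
            self._call("POST", "/api/auth/logout", token=self.load_token())
        finally:
            os.remove(self.token_path)  # drop the local copy even if the request fails

if __name__ == "__main__":
    import getpass
    s = UmamiSession(os.environ["UMAMI_URL"], os.path.expanduser("~/.umami_token"))
    s.login(os.environ["UMAMI_USER"], getpass.getpass("Password: "))  # keeps the password out of argv and shell history
    try:
        print(s.verify()["username"])
    finally:
        s.logout()
```

Reading the password with `getpass` and the token from a file keeps both out of the process list and shell history, which the inline `curl -d` and `-H` forms do not.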