Authentication
API tokens, scopes, and how to authenticate REST requests.
API tokens
Create one at /settings/tokens → Create token. Each token:
- Is scoped to your user, not to one project. One token reads/writes any project you own.
- Starts with
jn_live_. - Can be revoked from the same settings page.
Note: A separate sandbox mode (
jn_test_tokens) is not yet available. A token with ajn_test_prefix is accepted but behaves exactly like a live token, so do not rely on it for isolated testing.
Sending the token
Pass the token in the Authorization header:
curl https://jaina.dev/api/v1/projects \
-H "Authorization: Bearer jn_live_..."
Errors
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid token |
403 Forbidden | Token valid but lacks access to the resource (e.g., another user's project) |
429 Too Many Requests | Rate limit exceeded; Retry-After header indicates wait |
Rate limits
Limits apply per token, per tier:
| Tier | Requests / hour |
|---|---|
| Free | 100 |
| Pro | 3,600 |
| Enterprise | 36,000 |
The window is a rolling hour. Burst traffic is allowed up to the limit; sustained traffic above the limit pauses with 429.
OAuth
End-user OAuth (Google, GitHub) is for users signing in to the GUI. It is not for API access — use API tokens for that. The CLI's jaina login flow uses OAuth to provision an API token for you behind the scenes.
