Authentication
API tokens, scopes, and how to authenticate REST requests.
API tokens
Create one at /settings/tokens → Create token. Each token:
- Is scoped to your user, not to one project. One token reads/writes any project you own.
- Starts with
jn_live_for live tokens,jn_test_for sandbox. - Can be revoked from the same settings page.
Sending the token
Pass the token in the Authorization header:
curl https://jaina.dev/api/v1/projects \
-H "Authorization: Bearer jn_live_..."
Errors
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid token |
403 Forbidden | Token valid but lacks access to the resource (e.g., another user's project) |
429 Too Many Requests | Rate limit exceeded; Retry-After header indicates wait |
Rate limits
Limits apply per token, per tier:
| Tier | Requests / minute |
|---|---|
| Free | 60 |
| Pro | 600 |
| Enterprise | 6000 |
The window is rolling. Burst traffic is allowed up to the limit; sustained traffic above the limit pauses with 429.
OAuth
End-user OAuth (Google, GitHub) is for users signing in to the GUI. It is not for API access — use API tokens for that. The CLI's jaina login flow uses OAuth to provision an API token for you behind the scenes.