Leaf uses JWT (JSON Web Token) authentication. You exchange your API owner credentials for a token, then pass that token in the Authorization header of every request. For conceptual background — multiple environments, token usage patterns — see Authentication.

Base URL

https://api.withleaf.io/api

Endpoints

| Action | Method | Path |
|---|---|---|
| Get a token | POST | /authenticate |

Get a token

POST /authenticate

Exchanges API owner credentials for a JWT token.

Request body

| Field | Type | Required | Description |
|---|---|---|---|
| username | string | Yes | Your API owner email address. |
| password | string | Yes | Your API owner password. |
| rememberMe | string | No | "true" for a 30-day token, "false" for a 24-hour token. Defaults to "false". |

Token duration

| rememberMe | Token duration |
|---|---|
| "true" | 30 days |
| "false" | 24 hours |

When a token expires, request a new one from the same endpoint. There is no refresh token flow.

Request

curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"username":"your-email@example.com","password":"your-password","rememberMe":"true"}' \
  'https://api.withleaf.io/api/authenticate'

Response

{
  "id_token": "eyJhbGciOi..."
}

Using the token

Include the token in the Authorization header of every API request:
Authorization: Bearer eyJhbGciOi...
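
Because there is no refresh flow, a client has to log in again before the token expires. The following is an added example, not Leaf's own code: `LeafToken`, `jwt_exp`, `post_json` and the 300-second margin are hypothetical, and it assumes the token carries a standard `exp` claim, falling back to the documented 24-hour and 30-day durations when it does not.

```python
import base64
import json
import time
import urllib.request

AUTH_URL = "https://api.withleaf.io/api/authenticate"
# Lifetimes from the "Token duration" table, used when the token has no usable `exp`.
LIFETIME = {"true": 30 * 86400, "false": 86400}

def post_json(url, payload):
    """POST a JSON body and return the decoded JSON response."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:  # raises HTTPError on 401
        return json.load(resp)

def jwt_exp(token):
    """Return the `exp` claim (epoch seconds) or None. Assumption: the token has one.
    The signature is NOT verified; the value only schedules re-authentication."""
    try:
        seg = token.split(".")[1]
        exp = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))).get("exp")
    except (IndexError, ValueError, AttributeError):
        return None
    return exp if isinstance(exp, (int, float)) else None

class LeafToken:
    """Hypothetical helper: caches the token and logs in again before it expires."""
    def __init__(self, username, password, remember_me="false",
                 send=post_json, clock=time.time, margin=300):
        self._creds = {"username": username, "password": password, "rememberMe": remember_me}
        self._send, self._clock, self._margin = send, clock, margin
        self._token, self._expires = None, 0.0

    def __repr__(self):  # keep the password and token out of logs and tracebacks
        return "LeafToken(<redacted>)"

    def _login(self):
        token = self._send(AUTH_URL, self._creds)["id_token"]
        exp = jwt_exp(token)
        fallback = self._clock() + LIFETIME[self._creds["rememberMe"]]
        self._expires = exp if exp is not None else fallback
        self._token = token

    def headers(self):
        """Return the Authorization header, re-authenticating if the token is near expiry."""
        if self._token is None or self._clock() >= self._expires - self._margin:
            self._login()
        return {"Authorization": f"Bearer {self._token}"}
```

Load the username and password from the environment or a secret store rather than from source. The example keeps the "false" default because a 30-day bearer token stays valid for that long if it leaks.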

Error responses

| Status | Meaning |
|---|---|
| 401 Unauthorized | Credentials are invalid, or the token is missing, expired, or malformed. |

Last modified on March 23, 2026