Leaf uses JWT (JSON Web Token) authentication. You send your email and password to the authenticate endpoint, get back a token, and include that token as a Bearer header on every subsequent request.

Get a token

Send a POST request to the authenticate endpoint:
https://api.withleaf.io/api/authenticate
curl -X POST \
  -H 'Content-Type: application/json' \
  -d '{"username":"your-email@example.com","password":"your-password","rememberMe":"true"}' \
  'https://api.withleaf.io/api/authenticate'
The response:
{
  "id_token": "eyJhbGciOi..."
}

Token lifecycle

The rememberMe field controls how long your token lasts:
| rememberMe | Token duration |
| --- | --- |
| "true" | 30 days |
| "false" | 24 hours |
When a token expires, request a new one from the same endpoint. There is no refresh token flow; you re-authenticate with credentials.

Using the token

Include the token in the Authorization header of every API request:
curl -H 'Authorization: Bearer eyJhbGciOi...' \
  'https://api.withleaf.io/services/usermanagement/api/users'
If the token is missing, expired, or invalid, the API returns a 401 Unauthorized response.
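The lifecycle and Bearer usage described above, as an added client-side example (not Leaf's own code): it reads credentials from the environment instead of the command line, reuses one token until shortly before it expires, and re-authenticates with credentials since there is no refresh flow. The environment variable names, the `TokenCache` class, the 300-second margin, and the presence of a standard `exp` claim in the token are assumptions.

```python
import base64
import json
import os
import time
import urllib.request

AUTH_URL = "https://api.withleaf.io/api/authenticate"  # endpoint from this page

def authenticate(remember_me=False):
    """POST credentials taken from the environment; return the id_token."""
    body = json.dumps({
        "username": os.environ["LEAF_USERNAME"],  # assumed variable names
        "password": os.environ["LEAF_PASSWORD"],
        "rememberMe": "true" if remember_me else "false",  # "false" = 24 hours
    }).encode()
    req = urllib.request.Request(AUTH_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["id_token"]

def token_expiry(token):
    """Unverified 'exp' claim (Unix seconds), or None if it cannot be read."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return int(json.loads(base64.urlsafe_b64decode(payload))["exp"])
    except (IndexError, KeyError, TypeError, ValueError):
        return None

class TokenCache:
    """Reuse one token until shortly before expiry, then re-authenticate."""
    def __init__(self, fetch=authenticate, skew=300):
        self._fetch, self._skew = fetch, skew
        self._token, self._expires = None, 0

    def bearer_header(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires - self._skew:
            self._token = self._fetch()
            # No readable exp claim: assume the 24-hour lifetime from the page.
            self._expires = token_expiry(self._token) or now + 24 * 3600
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):
        """Call after a 401 response so the next request re-authenticates."""
        self._token = None
```

The `exp` value is read only to schedule re-authentication; the signature is not checked client-side, so the API's 401 response remains the authority on whether a token is valid.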

Multiple environments

Leaf does not provide separate test and production environments. Instead, create a distinct API owner account for each environment:
  • leaf-test@yourcompany.com for development and testing
  • leaf-prod@yourcompany.com for production
Each API owner has its own token, Leaf users, configurations, and billing. This keeps test data isolated from production.
Your contract may include a testing acre allotment. Make sure all test-related API calls use your test API owner account so testing usage is tracked separately.

Last modified on March 24, 2026