Operator JWTs
Signup and login
- Signup
- Login
- Invitation
1
Initiate signup
Send
name and email to /auth/initiate-signup. The gateway rate-limits the request and sends an email-verification challenge.2
Verify the code
Send
email, six-character code, and type: email_verification to /auth/verify-otp when the UI flow requires explicit verification.3
Complete signup
Send
email, organizationName, a password of at least eight characters, and optional domain to /auth/complete-signup.Select an organization
Refresh
Other authentication contexts
Widget sessions
Widget sessions
The widget exchanges public configuration/visitor context for a short-lived token whose JWT type is
widget_session. Widget middleware rejects operator tokens and scopes the resulting connection.AI service
AI service
Internal tool endpoints use
x-ai-tool-secret. The header is only for trusted service-to-service calls on a private network.Provider webhooks
Provider webhooks
Email, Twilio, Telegram, and billing callbacks use provider-specific verification and rate limits rather than operator JWTs.

.png?fit=max&auto=format&n=2PCWzKfmo53nDkKR&q=85&s=9f6b13dc0c2829ec8db5437603939f93)