Console Auth Flow

StateSet Console supports multiple auth modes and issues a signed session cookie for protected routes.

Supported Modes

  • Email/password: proxied to Sandbox API login
  • API key: validated locally in the console
  • Token refresh: re-issues a session using an existing JWT
  • Dev login: optional in non-production

Session Cookies

  • session: signed JWT containing orgId and userId
  • sandbox_session: sandbox token used for Sandbox API calls
  • api_key: stored API key for API-key auth

Typical Flow

  1. Client posts credentials to /api/auth/login.
  2. Console validates via Sandbox API or local API key logic.
  3. Console sets session cookies and returns user/org metadata.
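
The session cookie set in step 3 has to be verified on every protected route. The following is an added example, not StateSet Console code: it issues and verifies a signed JWT carrying orgId and userId with Node's built-in crypto module. HS256, the one-hour lifetime, the cookie attributes and the function names issueSession, verifySession and sessionCookie are assumptions, not details from this page.

```javascript
// Added example, not StateSet Console code. HS256, the TTL and the cookie
// attributes are assumptions; the page only says the cookie is a signed JWT.
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const hmac = (secret, data) => crypto.createHmac("sha256", secret).update(data).digest();

// Issue the value of the `session` cookie: a JWT carrying orgId and userId.
function issueSession(secret, { orgId, userId }, nowSec, ttlSec = 3600) {
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ orgId, userId, iat: nowSec, exp: nowSec + ttlSec }));
  const sig = hmac(secret, `${header}.${body}`).toString("base64url");
  return `${header}.${body}.${sig}`;
}

// Verify on a protected route. Returns { orgId, userId } or null.
function verifySession(secret, token, nowSec) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  // Check the signature first, in constant time, before parsing any claims.
  const expected = hmac(secret, `${header}.${body}`);
  const given = Buffer.from(sig, "base64url");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let h, claims;
  try {
    h = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  // Pin the algorithm; the token's own header must not choose it.
  if (!h || !claims || h.alg !== "HS256") return null;
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
  if (typeof claims.orgId !== "string" || typeof claims.userId !== "string") return null;
  return { orgId: claims.orgId, userId: claims.userId };
}

// Set-Cookie value for step 3 (attributes are assumed hardening defaults).
function sessionCookie(token, ttlSec = 3600) {
  return `session=${token}; Path=/; HttpOnly; Secure; SameSite=Lax; Max-Age=${ttlSec}`;
}
```

Passing the current time as nowSec keeps expiry checks deterministic in tests; a route handler would pass Math.floor(Date.now() / 1000).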