Auth API

Detailed reference for endpoints, authentication, channels, messages, environment endpoints, and data models in this integration area.

OpenAPI referencev3.0.0Auth

Omen Auth API

Authentication and identity service for the Omen platform. Provides email OTP, password, passkey (WebAuthn), and OAuth (Google/Apple) login flows, JWT token management with rotating refresh tokens, wallet linking, API token generation, product selection with geoblocking, and a JWKS endpoint for downstream signature verification. ## Base URL | Environment | URL | |-------------|-----| | Local dev | `http://localhost:3

Environment endpoints

Local devhttp://localhost:3100Local dev

Authentication

bearerAuthhttpbearer

JWT access token issued by omen-auth.

cookieAuthapiKeyrefresh_token

HttpOnly refresh token cookie set by omen-auth.

Endpoints

Method	Path	Summary	Tags
GET	/health	Health check	Tokens
POST	/auth/otp/request	Request OTP code	OTP
POST	/auth/otp/verify	Verify OTP and get tokens	OTP
POST	/auth/password/signup/request	Request first-password setup code	Password
POST	/auth/password/signup	Add password to verified account	Password
POST	/auth/password/login	Log in with password	Password
POST	/auth/password/reset/request	Request password reset code	Password
POST	/auth/password/reset/confirm	Confirm password reset	Password
POST	/auth/username/signup	Sign up with username and password	Password
POST	/auth/username/login	Log in with username and password	Password
POST	/auth/passkey/register/begin	Begin passkey registration	Passkey
POST	/auth/passkey/register/complete	Complete passkey registration	Passkey
POST	/auth/passkey/login/begin	Begin passkey login	Passkey
POST	/auth/passkey/login/complete	Complete passkey login	Passkey
POST	/auth/oauth/google	Google OAuth login	OAuth
POST	/auth/oauth/apple	Apple OAuth login	OAuth
POST	/auth/refresh	Rotate refresh token	Tokens
POST	/auth/logout	Logout (revoke session)	Tokens
GET	/auth/me	Get current user	Tokens
GET	/auth/username/available	Check username availability	User
PATCH	/auth/me/username	Update username	User
POST	/auth/wallet/link	Link EVM wallet	Wallet
DELETE	/auth/wallet/link	Unlink wallet	Wallet
GET	/auth/wallet	Get linked wallet	Wallet
POST	/auth/email/request	Request email verification code	User
POST	/auth/email/confirm	Verify code and link email to account	User
POST	/auth/api-tokens	Create API token	API Tokens
GET	/auth/api-tokens	List API tokens	API Tokens
DELETE	/auth/api-tokens/{id}	Revoke API token	API Tokens
GET	/auth/products	List available products	Products
POST	/auth/products	Set active product	Products
POST	/auth/mfa/totp/enroll	Begin TOTP enrollment from an aal3 session	MFA
POST	/auth/mfa/totp/enroll/password	Begin TOTP enrollment with password step-up	MFA
POST	/auth/mfa/totp/enroll/oauth/google	Begin TOTP enrollment with Google step-up	MFA
POST	/auth/mfa/totp/enroll/oauth/apple	Begin TOTP enrollment with Apple step-up	MFA
POST	/auth/mfa/totp/confirm	Confirm TOTP enrollment	MFA
DELETE	/auth/mfa/totp	Disable MFA	MFA
DELETE	/auth/passkey/{id}	Delete a passkey credential	Passkey
POST	/auth/mfa/verify	Verify TOTP code (login flow)	MFA
POST	/auth/mfa/recovery	Use recovery code (login flow)	MFA
POST	/auth/mfa/step-up	Step-up to AAL2	MFA
GET	/auth/mfa/status	Get MFA enrollment status	MFA
POST	/auth/mfa/recovery-codes/regenerate	Generate or regenerate recovery codes	MFA
POST	/auth/recovery/login	Log in with a recovery code	MFA
GET	/auth/intercom/session	Get Intercom identity verification token	Intercom
GET	/auth/analytics/token	Get analytics verification token	Analytics
GET	/.well-known/jwks.json	JSON Web Key Set	JWKS
POST	/auth/native/otp/request	Request OTP code (native)	Native
POST	/auth/native/otp/verify	Verify OTP and get tokens (native)	Native
POST	/auth/native/password/signup/request	Request first-password setup code (native)	Native
POST	/auth/native/password/signup	Add password to verified account (native)	Native
POST	/auth/native/password/login	Log in with password (native)	Native
POST	/auth/native/username/signup	Sign up with username and password (native)	Native
POST	/auth/native/username/login	Log in with username and password (native)	Native
POST	/auth/native/password/reset/request	Request password reset code (native)	Native
POST	/auth/native/password/reset/confirm	Confirm password reset (native)	Native
POST	/auth/native/oauth/google	Google OAuth login (native)	Native
POST	/auth/native/oauth/apple	Apple OAuth login (native)	Native
POST	/auth/native/passkey/login/begin	Begin passkey login (native)	Native
POST	/auth/native/passkey/login/complete	Complete passkey login (native)	Native
POST	/auth/native/refresh	Rotate refresh token (native)	Native
POST	/auth/native/logout	Logout (native)	Native
POST	/auth/native/mfa/verify	Verify TOTP code (native)	Native
POST	/auth/native/mfa/recovery	Use recovery code (native)	Native
POST	/auth/native/mfa/step-up	Step-up to AAL2 (native)	Native
POST	/auth/native/recovery/login	Log in with a recovery code (native)	Native

Data models

ErrorTokenResponseNativeTokenResponseRefreshTokenBodyMessageResponseOtpRequestBodyOtpVerifyBodyPasswordSignupRequestBodyPasswordSignupBodyPasswordLoginBodyUsernameSignupBodyUsernameLoginBodyPasswordResetRequestBodyPasswordResetConfirmBodyPasskeyLoginBeginBodyPasskeyRegisterCompleteBodyPasskeyLoginCompleteBodyGoogleOAuthBodyAppleOAuthBodyUserInfoWalletLinkRequestWalletLinkResponseWalletGetResponseCreateApiTokenBodyApiTokenApiTokenCreatedSetProductBodyProductsResponseJwksResponseMfaRequiredResponseMfaVerifyBodyMfaRecoveryBodyMfaCodeBodyMfaEnrollPasswordBodyMfaConfirmBodyMfaEnrollResponseMfaConfirmResponseMfaStatusResponse