Auth Endpoints

Manage accounts and API keys.

POST /v1/auth/register

Create a new QuantumSafe account. Authentication: None required

Request

{
  "email": "dev@example.com",
  "password": "securepassword123",
  "name": "Alice Developer"
}

Field	Type	Required	Description
`email`	string	Yes	Account email address
`password`	string	Yes	Minimum 12 characters
`name`	string	No	Display name

Response `201 Created`

{
  "data": {
    "id": "usr_abc123",
    "email": "dev@example.com",
    "name": "Alice Developer",
    "plan": "free",
    "createdAt": "2026-01-15T10:30:00Z"
  },
  "meta": {
    "requestId": "req_xyz789",
    "timestamp": "2026-01-15T10:30:00Z"
  }
}

Authenticate and receive a session token. Authentication: None required

Request

{
  "email": "dev@example.com",
  "password": "securepassword123"
}

Response `200 OK`

{
  "data": {
    "token": "eyJhbGciOiJFZERTQSIs...",
    "expiresAt": "2026-01-16T10:30:00Z",
    "user": {
      "id": "usr_abc123",
      "email": "dev@example.com",
      "plan": "free"
    }
  }
}

The session token is used for dashboard access. For API access, use API keys instead.

POST /v1/auth/api-keys

Create a new API key. Authentication: Bearer token (from login) or existing Secret API key

Request

{
  "name": "Production Backend",
  "type": "secret",
  "environment": "live"
}

Field	Type	Required	Values
`name`	string	Yes	Human-readable label
`type`	string	Yes	`publishable` or `secret`
`environment`	string	Yes	`test` or `live`

Response `201 Created`

{
  "data": {
    "id": "key_def456",
    "name": "Production Backend",
    "type": "secret",
    "environment": "live",
    "key": "qs_sec_live_sk_abc123def456...",
    "createdAt": "2026-01-15T10:30:00Z"
  }
}

The full API key is only returned once at creation time. Store it securely. You cannot retrieve it again.

GET /v1/auth/api-keys

List all API keys for the authenticated account. Authentication: Bearer token or Secret API key

Response `200 OK`

{
  "data": [
    {
      "id": "key_def456",
      "name": "Production Backend",
      "type": "secret",
      "environment": "live",
      "prefix": "qs_sec_live_sk_abc1...",
      "lastUsedAt": "2026-01-15T09:00:00Z",
      "createdAt": "2026-01-10T10:30:00Z"
    },
    {
      "id": "key_ghi789",
      "name": "Frontend Scanner",
      "type": "publishable",
      "environment": "live",
      "prefix": "qs_pub_live_pk_xyz9...",
      "lastUsedAt": "2026-01-15T10:15:00Z",
      "createdAt": "2026-01-12T14:00:00Z"
    }
  ]
}

The full key is never returned in list responses. Only the prefix is shown for identification.

DELETE /v1/auth/api-keys/

Delete (revoke) an API key. Takes effect immediately. Authentication: Bearer token or Secret API key

Path Parameters

Parameter	Type	Description
`id`	string	The API key ID (e.g., `key_def456`)

Response `204 No Content`

No response body.

curl -X DELETE https://api.qsafe.dev/v1/auth/api-keys/key_def456 \
  -H "Authorization: Bearer qs_sec_live_sk_abc123..."

Key deletion is instant and irreversible. Any requests using the deleted key will immediately receive AUTH_002.

Getting Started

Guides

KMS Managed (v1.5)

Concepts

Resources

Auth Endpoints

Auth Endpoints

POST /v1/auth/register

Request

Response `201 Created`

Request

Response `200 OK`

POST /v1/auth/api-keys

Request

Response `201 Created`

GET /v1/auth/api-keys

Response `200 OK`

DELETE /v1/auth/api-keys/

Path Parameters

Response `204 No Content`

Getting Started

Guides

KMS Managed (v1.5)

Concepts

Resources

​Auth Endpoints

​POST /v1/auth/register

​Request

​Response 201 Created

​POST /v1/auth/login

​Request

​Response 200 OK

​POST /v1/auth/api-keys

​Request

​Response 201 Created

​GET /v1/auth/api-keys

​Response 200 OK

​DELETE /v1/auth/api-keys/

​Path Parameters

​Response 204 No Content

Auth Endpoints

POST /v1/auth/register

Request

Response `201 Created`

POST /v1/auth/login

Request

Response `200 OK`

POST /v1/auth/api-keys

Request

Response `201 Created`

GET /v1/auth/api-keys

Response `200 OK`

DELETE /v1/auth/api-keys/

Path Parameters

Response `204 No Content`