API Overview

Understand the public API plane, current endpoints, and authentication requirements.

Public project API

The /v1/* endpoints are authenticated with a project API key.

Use them from your product runtime when you need authorization decisions or project-scoped configuration.

Current public endpoints in local code:

  • GET /v1/config
  • POST /v1/check
  • POST /v1/check/batch
  • POST /v1/subjects/upsert

Customer-facing contract pages:

Direct HTTP integration

Call the public API directly for now. Keep the project API key on your server, set explicit request timeouts, and handle 401/403 responses as integration failures.

Authentication headers

Public API:

Authorization: Bearer <project-api-key>
Content-Type: application/json

Error shape

Most validation and request-shape failures return JSON with an error field.

{
  "error": "subject is required"
}

POST /v1/check fails closed for internal evaluation issues and returns:

{
  "allowed": false,
  "reason": "error"
}

POST /v1/check/batch returns a JSON error response for request-level failures, but per-item evaluation failures remain inside a 200 OK batch response with results[].reason = "error".
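The response handling described above, as an added example (not code from this project): a server-side classifier that treats 401/403 and request-level errors as integration failures, and keeps reason = "error" denies separate from ordinary policy denies. The function names, the eval_error flag, the "ok" reason value and the assumption that batch items carry the same allowed/reason fields as POST /v1/check are all hypothetical.

```python
import json

class IntegrationFailure(Exception):
    """401/403 or a request-level failure: a key or caller problem, not a policy decision."""

def _decision(item):
    # Fail closed: only a literal JSON true grants access; malformed items are denied.
    if not isinstance(item, dict):
        return {"allowed": False, "reason": "malformed", "eval_error": True}
    reason = item.get("reason")
    # reason == "error" means evaluation failed; track it separately from policy denies.
    eval_error = reason == "error"
    return {"allowed": item.get("allowed") is True and not eval_error,
            "reason": reason, "eval_error": eval_error}

def _parse(status, body):
    if status in (401, 403):
        raise IntegrationFailure(f"HTTP {status}: project API key rejected")
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        raise IntegrationFailure(f"HTTP {status}: body is not JSON") from None
    if not isinstance(data, dict):
        raise IntegrationFailure(f"HTTP {status}: unexpected JSON shape")
    return data

def interpret_check(status, body):
    # The page does not state the HTTP status of the fail-closed body, so key on the body.
    data = _parse(status, body)
    if "allowed" not in data:  # e.g. {"error": "subject is required"}
        raise IntegrationFailure(f"HTTP {status}: {data.get('error', 'no decision')}")
    return _decision(data)

def interpret_batch(status, body, expected_count):
    data = _parse(status, body)
    results = data.get("results")
    if status != 200 or not isinstance(results, list) or len(results) != expected_count:
        raise IntegrationFailure(f"HTTP {status}: {data.get('error', 'batch mismatch')}")
    return [_decision(r) for r in results]

# Constructed sample response, not captured from the real service ("ok" is a placeholder).
SAMPLE_BATCH = '{"results": [{"allowed": true, "reason": "ok"}, {"allowed": false, "reason": "error"}]}'

if __name__ == "__main__":
    for d in interpret_batch(200, SAMPLE_BATCH, expected_count=2):
        print(d)
```

Count the eval_error results in monitoring: a spike means the authorization service is failing closed, not that policy changed.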