Self-Service Auth API
The Auth API lets you create accounts and manage API keys programmatically. These endpoints are public and do not require authentication.
Endpoints Overview
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/auth/signup | Create a free account and get an API key |
| POST | /v1/auth/recover-key | Recover (regenerate) a lost API key |

POST /v1/auth/signup
```
POST /v1/auth/signup
```

Create a free-tier account with just an email address. Returns an API key immediately. No email verification required for the MVP.
Request
Headers

| Header | Required | Description |
|---|---|---|
| Content-Type | Yes | application/json |

```json
{
  "email": "developer@example.com"
}
```

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Valid email address. Case-insensitive. Used for account recovery. |

Response
Section titled “Response”Success (200)
Section titled “Success (200)”{ "success": true, "apiKey": "gk_example_replace_with_your_real_key", "prefix": "gk_example_r", "tier": "free", "monthlyLimit": 25, "message": "Welcome to Glyph! Your free API key is ready."}| Field | Type | Description |
|---|---|---|
success | boolean | Whether signup succeeded |
apiKey | string | Your new API key. Store this securely — it will not be shown again. |
prefix | string | Key prefix (first 11 characters) for identification |
tier | string | Account tier (free) |
monthlyLimit | number | Monthly PDF generation limit (25 for free tier) |
message | string | Welcome message |
Error Responses
400 Bad Request — Missing or invalid email

```json
{
  "error": "Email is required",
  "code": "HTTP_ERROR"
}
```

```json
{
  "error": "Invalid email format",
  "code": "HTTP_ERROR"
}
```

409 Conflict — Email already registered

```json
{
  "error": "An account with this email already exists. Use 'Forgot your API key?' to recover it.",
  "code": "HTTP_ERROR"
}
```

429 Too Many Requests — Signup rate limit exceeded (3 per IP per hour)

```json
{
  "error": "Too many sign-up attempts. Please try again later.",
  "code": "HTTP_ERROR"
}
```

Code Examples
```bash
curl -X POST https://api.glyph.you/v1/auth/signup \
  -H "Content-Type: application/json" \
  -d '{"email": "developer@example.com"}'
```

JavaScript

```javascript
const response = await fetch('https://api.glyph.you/v1/auth/signup', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email: 'developer@example.com' })
});

const result = await response.json();

if (result.success) {
  console.log(`API Key: ${result.apiKey}`);
  console.log(`Monthly limit: ${result.monthlyLimit} PDFs`);
  // Store the key securely - it won't be shown again
} else {
  console.error(result.error);
}
```

Python

```python
import requests

response = requests.post(
    'https://api.glyph.you/v1/auth/signup',
    json={'email': 'developer@example.com'}
)

result = response.json()

if result.get('success'):
    print(f"API Key: {result['apiKey']}")
    print(f"Monthly limit: {result['monthlyLimit']} PDFs")
    # Store the key securely - it won't be shown again
else:
    print(f"Error: {result.get('error')}")
```

POST /v1/auth/recover-key
```
POST /v1/auth/recover-key
```

Recover access to your account by generating a new API key. The old key is immediately invalidated.
Request
Headers

| Header | Required | Description |
|---|---|---|
| Content-Type | Yes | application/json |

```json
{
  "email": "developer@example.com"
}
```

Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| email | string | Yes | Email address used during signup |

Response
Section titled “Response”Success (200) — Key Found
Section titled “Success (200) — Key Found”{ "success": true, "newApiKey": "gk_newKeyHere1234567890ab", "prefix": "gk_newKeyHe", "message": "API key regenerated successfully. Your old key is now invalid. Store this key securely - it won't be shown again."}| Field | Type | Description |
|---|---|---|
success | boolean | Always true for 200 responses |
newApiKey | string | Your new API key. The old key no longer works. |
prefix | string | Key prefix for identification |
message | string | Confirmation message |
Success (200) — Email Not Found
For security (to prevent email enumeration), the API returns a generic success response when the email is not registered:

```json
{
  "success": true,
  "message": "If this email is registered, a recovery email has been sent."
}
```

Error Responses
400 Bad Request — Missing or invalid email

```json
{
  "error": "Email is required",
  "code": "HTTP_ERROR"
}
```

Code Examples
```bash
curl -X POST https://api.glyph.you/v1/auth/recover-key \
  -H "Content-Type: application/json" \
  -d '{"email": "developer@example.com"}'
```

JavaScript

```javascript
const response = await fetch('https://api.glyph.you/v1/auth/recover-key', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ email: 'developer@example.com' })
});

const result = await response.json();

if (result.newApiKey) {
  console.log(`New API Key: ${result.newApiKey}`);
  console.log('Your old key is now invalid. Update all applications.');
} else {
  console.log(result.message);
}
```

Python

```python
import requests

response = requests.post(
    'https://api.glyph.you/v1/auth/recover-key',
    json={'email': 'developer@example.com'}
)

result = response.json()

if 'newApiKey' in result:
    print(f"New API Key: {result['newApiKey']}")
    print("Your old key is now invalid. Update all applications.")
else:
    print(result['message'])
```

Free Tier Limits
Accounts created via /v1/auth/signup start on the free tier:

| Resource | Limit |
|---|---|
| Monthly PDFs | 25 |
| Requests per minute | 10 |
| Session TTL | 1 hour |
| Custom templates | Requires database (not available with demo keys) |
To increase limits, upgrade your tier in the dashboard under Billing.
Security Notes
- Rate limiting: Signup is limited to 3 attempts per IP address per hour
- Email enumeration protection: The recovery endpoint returns identical responses for existing and non-existing emails
- Key hashing: API keys are stored as SHA-256 hashes. Glyph never stores your raw key.
- One key per email: Each email can only have one active API key
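
The storage model these notes describe, written out as an added example (not Glyph's own code): only a SHA-256 digest and the key prefix are kept, and issuing a new key for an email drops the old digest so the old key stops working. The `KeyStore` class, its method names, and the `gk_` plus random-token key format are assumptions made for illustration.

```python
import hashlib
import secrets

PREFIX_LEN = 11  # the page gives the prefix as the first 11 characters of the key


def digest_key(raw_key: str) -> str:
    # A fast, unsalted hash is acceptable here only because the key is a long
    # random value; it would not be adequate for human-chosen passwords.
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


class KeyStore:
    """Hypothetical in-memory store holding digests and prefixes, never raw keys."""

    def __init__(self):
        self._by_email = {}   # normalized email -> {"prefix": ..., "digest": ...}
        self._by_digest = {}  # digest -> normalized email

    def issue(self, email: str) -> str:
        """Create or rotate the single key for an email; return the raw key once."""
        email = email.strip().lower()  # emails are documented as case-insensitive
        old = self._by_email.get(email)
        if old is not None:
            # One key per email: the previous digest stops resolving immediately.
            del self._by_digest[old["digest"]]
        raw_key = "gk_" + secrets.token_urlsafe(32)  # assumed key format
        digest = digest_key(raw_key)
        self._by_email[email] = {"prefix": raw_key[:PREFIX_LEN], "digest": digest}
        self._by_digest[digest] = email
        return raw_key

    def verify(self, presented_key: str):
        """Return the owning email if the key is current, otherwise None."""
        return self._by_digest.get(digest_key(presented_key))

    def dump(self):
        """What a leaked table would contain: prefixes and digests only."""
        return [dict(record) for record in self._by_email.values()]
```

Because the raw key exists only in the return value of `issue`, a lost key cannot be looked up again and has to be regenerated, which matches the recover-key behaviour documented above.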
See Also
- Authentication — How to use your API key
- Rate Limits — Usage limits by tier
- Error Codes — Full error reference