Getting started
Authentication
AgentMesh uses built-in JWT authentication. You exchange email and password for a short-lived access token and a long-lived refresh token, then send the access token as a bearer token on every request.
Endpoints
POST /v1/auth/register create an account
POST /v1/auth/login email + password -> token pair
POST /v1/auth/refresh refresh token -> new access token
POST /v1/auth/logout revoke the session
GET /v1/auth/me the current user
PATCH /v1/auth/me update your profile
POST /v1/auth/change-password change passwordUsing the token
curl https://app.agent-mesh.org/v1/agents \
-H "Authorization: Bearer $ACCESS_TOKEN"Access tokens are short-lived. When one expires, exchange the refresh token at POST /v1/auth/refresh rather than logging in again.
Missing or invalid auth
{"detail": "Authorization header missing"}Auth endpoints are rate-limited to 5 requests/minute (3/minute for password reset and email verification). Passwords are hashed with bcrypt; a non-ACTIVE account is rejected at token validation.