All API requests must include an Authorization header with a valid JWT token: Authorization: Bearer <token>
Obtain a token by authenticating through the OAuth endpoint: POST /api/auth/signin with provider credentials. The response includes an access token valid for 24 hours and a refresh token valid for 30 days.
Example: POST /api/auth/signin Content-Type: application/json { "provider": "google", "idToken": "..." }
Response: { "accessToken": "eyJhbGc...", "refreshToken": "...", "expiresIn": 86400 }