Login
Authenticates an admin user and returns a short-lived JWT access token. The rotatable refresh token is set in an HttpOnly cookie — it is not included in the response body.
The provider field selects the authentication method. When omitted it
defaults to email, the built-in email/password login.
To authenticate against a third-party identity provider (Okta, Azure AD,
Google Workspace SSO, a custom JWT issuer, SAML, etc.), send
{ "provider": "<your_key>", ... } with the fields that provider
requires. The endpoint returns the same JWT regardless of which provider
authenticated the request. See
Custom API Authentication
for the list of configured providers and their required fields.
Authorizations
Secret API key for admin access

