User

authenticate to begin, authentication requires you to generate your non expiring secret key the secret key uniquely identifies your account it is used to generate temporary bearer tokens , which are required to authenticate all api requests think of it as your private access token — it verifies your identity and authorizes the system to perform actions on your behalf, such as sending data, retrieving transcripts, or calling tools your secret key is displayed only once for security reasons if you do not save it, you will have to delete it and generate a new one, potentially disrupting your access generating secret key via interface you can generate your secret key by navigating to the "manage account" menu this menu is accessible by clicking on your name in the top right of the interface click on "generate" button and follow the instructions in the "secret key" section manage account > generate obtaining the bearer token this section describes how you can obtain an authentication bearer token the bearer token is a temporary access token used to authenticate your api requests it is obtained by calling the /auth/token endpoint with your email address and secret key the token is valid for 7 days for security, tokens must be refreshed periodically prerequisites before you can obtain an authentication bearer token, you must have the following email address the email address you used to generate your secret key secret key your unith api https //docs unith ai/user#1igaz steps to obtain your authentication bearer token, use the /auth/token endpoint with the post method endpoint /auth/token method post description retrieves an authentication bearer token request headers accept application/json content type application/json request body { "email" "your email address", // replace with your registered email address "secretkey" "your secret key" // replace with your unith api secret key } request parameters email (string, required) your registered email address secretkey (string, required) your unith api secret key request body curl x 'post' \\ 'https //platform api unith ai/auth/token' \\ h 'accept application/json' \\ h 'content type application/json' \\ d '{ "email" "your email address", "secretkey" "your secret key" }' replace "your email address" and "your secret key" with your actual email address and secret key response status code 200 (ok) response body { "token" "your authentication bearer token" // the authentication bearer token } response parameters token (string) the authentication bearer token this token must be included in the authorization header of subsequent api requests expiration bearer tokens expire after 7 days your application will need to obtain a new token after this period by repeating the process described above error handling the api will return standard http error codes for invalid requests 401 unauthorized indicates that the email address or secret key is invalid 500 internal server error indicates a server error use the auth/token endpoint with your secret key to generate a bearer token bearer tokens expire after 7 days if your application requires a bearer token, regenerate one using this endpoint and your secret key every 7 days managing secret key via api if you forgot your secret key, you need to follow these steps delete your existing secret key using https //platform api unith ai/api/#/user/usercontroller deletesecretkey curl x 'delete' \\ 'https //platform api unith ai/user/delete secret key' \\ h 'accept application/json' \\ h 'authorization bearer 12345' generate a new secret key using https //platform api unith ai/api/#/user/usercontroller generatesecretkey curl x 'put' \\ 'https //platform api unith ai/user/generate secret key' \\ h 'accept application/json' \\ h 'authorization bearer 12345' getting your user information (including organization id) in some steps you will need your user id and/or your organization id use the following endpoint to get your information curl x 'get' \\ 'https //platform api unith ai/user/me' \\ h 'accept application/json' \\ h 'authorization bearer yourbearertoken' magic link authentication unith supports passwordless authentication via magic links—secure, single use login links sent to users' email addresses this provides a simple and secure way to access the unith platform without managing passwords magic links are automatically single use and expire after 10 minutes for security they cannot be reused, even if the link is clicked multiple times how magic link authentication works request login link user enters their email address on the login page email sent unith sends an email containing a unique, time limited login link click link user clicks the link in their email (valid for 10 minutes) automatic login user is automatically authenticated and redirected to the platform token consumed the login link becomes invalid immediately after first use security features single use tokens each magic link can only be used once after successful login, the token is immediately invalidated clicking the link again will show an "expired link" message time limited validity magic links expire after 10 minutes (30minutes for sign up) unused links cannot be accessed after expiration for security, always use the most recent link sent to your email secure token generation tokens use cryptographically secure random generation each token is unique and cannot be predicted or guessed tokens are tied to specific user accounts and cannot be transferred common scenarios expired link issue "link expired" message appears when clicking the magic link cause the link was either sent more than 10 minutes ago already used to log in solution request a new magic link from the login page already used link issue clicking the magic link shows an error or expired message cause the link was already used to authenticate each link works only once solution if you're already logged in, no action needed if you need to log in again, request a new magic link page refresh after login behavior after clicking a magic link and logging in, the authentication token is automatically removed from the url why this prevents the single use token from appearing in browser history or bookmarks note refreshing the page after login will not cause errors—you'll remain authenticated via your session multiple browser tabs scenario you click a magic link that opens in a new tab while you already have unith open in another tab behavior the new tab authenticates successfully with the magic link other tabs check authentication state and update automatically no errors or conflicts occur best practices email access ensure you have access to the email address registered with your unith account check spam/junk folders if magic link emails don't appear in your inbox add unith's email sender to your contacts to ensure delivery timing use magic links within 10 minutes of receiving them request a new link if the previous one expired only one magic link is valid at a time—newer links invalidate older ones security don't share magic links with others magic links are tied to your specific account and should never be forwarded links in email can only be used from the recipient's account browser compatibility magic links work in all modern browsers no special browser settings or extensions required works on mobile and desktop devices important notes token expiration magic links expire 10 minutes after being sent always use the link promptly after receiving the email single use only each magic link can only be used once after successful authentication, the link becomes permanently invalid email requirement you must have access to the email address registered with your unith account to use magic link authentication session duration after logging in via magic link, your session follows standard unith session expiration policies (separate from the magic link's 10 minute validity) multiple requests if you request multiple magic links, only the most recent one will work previous links are automatically invalidated when a new one is generated no password required magic links eliminate the need to remember passwords, but you should still maintain access to your registered email account alternative authentication methods if you prefer not to use magic links, unith also supports google oauth sign in with your google account api authentication use secret keys and bearer tokens for programmatic access