Workspace

Dashboard

Create project Library Templates Design system Documentation API management

Agents & Automation

Workflows

Members API keys Developer docs

Settings & Billing

Quick links

JS

Guest User

guest@runash.ai

Workspace

Documentation

Documentation

Loading dashboard…

System healthy

Last sync: 05:06 PM

Status Help Version Legal Privacy

Shortcuts: ⌘K Search · G then D Dashboard

Status Help Version Legal Privacy

RunAsh AI

© 2026 RunAsh.AI

v1.0.0

API documentation hub

Developer documentation and integration references

Browse OpenAPI auth endpoints, key lifecycle runbooks, webhook reliability guidance, and standardized error + rate-limit behavior.

OpenAPI source

Use docs/openapi/auth.openapi.json as the contract source of truth.

Key management

Create, revoke, list keys

Webhook docs

Signature verification, retries, idempotency, and dead-letter handling patterns.

Limits & errors

Reference status codes and retry semantics before production launch.

Workspace UI style guide

Internal guidance for shared page primitives, keyboard flow checks, label quality, and focus ordering.

Open workspace UI style guide

OpenAPI endpoint explorer

Powered by docs/openapi/auth.openapi.json with path + method metadata from the auth contract.

RunAsh Auth API

v1.0.0

46 paths

64 operations

GET

/api/auth/2fa/backup-codes

Core Auth

Responses: 200, 400, 401, 500

GET /api/auth/2fa/backup-codes

POST

/api/auth/2fa/backup-codes

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/2fa/backup-codes

GET

/api/auth/2fa/setup

Core Auth

Responses: 200, 400, 401, 500

GET /api/auth/2fa/setup

POST

/api/auth/2fa/setup

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/2fa/setup

POST

/api/auth/2fa/verify

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/2fa/verify

PUT

/api/auth/2fa/verify

Core Auth

Responses: 200, 400, 401, 500

PUT /api/auth/2fa/verify

GET

/api/auth/account

Core Auth

Responses: 200, 400, 401, 500

GET /api/auth/account

PATCH

/api/auth/account

Core Auth

Responses: 200, 400, 401, 500

PATCH /api/auth/account

DELETE

/api/auth/account

Core Auth

Responses: 200, 400, 401, 500

DELETE /api/auth/account

POST

/api/auth/account/change-email

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/account/change-email

PUT

/api/auth/account/change-email

Core Auth

Responses: 200, 400, 401, 500

PUT /api/auth/account/change-email

POST

/api/auth/account/link-anonymous

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/account/link-anonymous

POST

/api/auth/account/password

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/account/password

POST

/api/auth/account/resend-code

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/account/resend-code

POST

/api/auth/account/unlink

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/account/unlink

POST

/api/auth/anonymous

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/anonymous

POST

/api/auth/bearer-token

Bearer

Responses: 200, 400, 401, 500

Issue bearer session token

DELETE

/api/auth/bearer-token

Bearer

Responses: 200, 400, 401, 500

Revoke bearer session token

POST

/api/auth/change-password

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/change-password

GET

/api/auth/docs

Core Auth

Responses: 200, 400, 401, 500

GET /api/auth/docs

POST

/api/auth/forgot-password

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/forgot-password

GET

/api/auth/get-session

Core Auth

Responses: 200, 400, 401, 500

GET /api/auth/get-session

POST

/api/auth/google-one-tap/callback

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/google-one-tap/callback

POST

/api/auth/magic-link

Core Auth

Responses: 200, 400, 401, 500

POST /api/auth/magic-link

Showing first 24 operations for readability. Use the full JSON contract for generated SDKs and CI validation.

API key management

Create, rotate, and revoke scoped keys without exposing live secrets.

Create key

Name keys by service and environment. Example: mobile-prod-read.

Rotate key

Issue a replacement key, deploy it, verify traffic, then revoke the old key.

Revoke key

Immediately disable compromised keys and review related audit events.

Webhooks and delivery docs

Use signed events with replay protection and retry-safe handlers.

• Validate request signature and timestamp before processing payloads.

• Return 2xx only after persistence succeeds to avoid duplicate side effects.

• Keep handlers idempotent because retries can happen for up to 24 hours.

• Track delivery status and dead-letter retries in your observability stack.

Safe request playground

Test requests in a sandbox-style composer. Secrets remain masked in preview and logs.

EndpointAuthorization

Request preview

curl -X POST https://api.runash.ai/api/auth/sign-in/email \
  -H "Authorization: Bearer ***masked***" \
  -H "Content-Type: application/json" \
  -d '{"email":"dev@runash.ai","password":"***masked***"}'

Secrets masked

Rate-limit safe mode

Audit trail enabled

Rate limits & error codes

Reference behavior for retries and circuit breakers.

429 Too Many Requests · back off with jitter and retry.

401 Unauthorized · refresh credentials or session token.

403 Forbidden · check scopes for requested operation.

422 Validation Error · inspect payload schema + required fields.

500 Server Error · retry idempotent requests with capped exponential backoff.

503 Service Unavailable · switch to fallback path and alert on-call.

Developer CTA cards

Quick links to keep docs and API management reachable from dashboard workflows.

Open API key manager Open docs explorer Configure integrations