Authentication

API keys, bearer tokens, and session-based authentication for the ORIGIN Neural API.

API Keys

All API requests require authentication via an API key. Create and manage API keys from your dashboard. Keys are prefixed with origin_sk_ for easy identification.

Keep your API keys secret. Do not expose them in client-side code, public repositories, or browser network requests. Use server-side proxy routes for browser-based applications.

POST/api/auth/api-keysAUTH

Create a new API key. Returns the key value only once — store it securely.

Parameters

Name	Type	Description
`name`*	string	A label for the key (e.g. "production", "dev")

Response

{
  "key": "origin_sk_live_abc123...",
  "id": "key_01",
  "name": "production",
  "created_at": "2026-02-01T00:00:00Z"
}

GET/api/auth/api-keysAUTH

List all API keys for the authenticated user. Key values are masked.

Response

{
  "keys": [
    {
      "id": "key_01",
      "name": "production",
      "masked_key": "origin_sk_...xyz",
      "created_at": "2026-02-01T00:00:00Z",
      "last_used": "2026-02-07T12:00:00Z"
    }
  ]
}

DELETE/api/auth/api-keysAUTH

Revoke an API key. This action is immediate and irreversible.

Parameters

Name	Type	Description
`key_id`*	string	The ID of the key to revoke

Bearer Token Format

Pass your API key in the Authorization header using the Bearer scheme. Every authenticated endpoint requires this header.

Authorization header

bash

curl -H "Authorization: Bearer origin_sk_your_key" \
  https://originneural.ai/api/voices

Magic Link Auth (Session)

The Origin Neural dashboard uses magic link authentication. Users enter their email, receive a one-time link, and are authenticated via httpOnly session cookies. This flow is for the web app — use API keys for programmatic access.

POST/api/auth/login

Send a magic link to the provided email address.

Parameters

Name	Type	Description
`email`*	string	The user's email address

Response

{
  "message": "Magic link sent to your email."
}

POST/api/auth/verify

Verify a magic link token and establish a session.

Parameters

Name	Type	Description
`token`*	string	The magic link token from the email

Response

{
  "user": {
    "id": "user_01",
    "email": "user@example.com",
    "plan": "pro"
  }
}

GET/api/auth/session

Get the current session. Returns null if not authenticated.

Response

{
  "user": {
    "id": "user_01",
    "email": "user@example.com",
    "plan": "pro"
  }
}

POST/api/auth/logoutAUTH

Destroy the current session and clear cookies.

← PreviousIntroduction

Next →SDKs & Examples

API Keys

All API requests require authentication via an API key. Create and manage API keys from your dashboard. Keys are prefixed with origin_sk_ for easy identification.

Keep your API keys secret. Do not expose them in client-side code, public repositories, or browser network requests. Use server-side proxy routes for browser-based applications.

POST/api/auth/api-keysAUTH

Create a new API key. Returns the key value only once — store it securely.

Parameters

Name	Type	Description
`name`*	string	A label for the key (e.g. "production", "dev")

Response

{
  "key": "origin_sk_live_abc123...",
  "id": "key_01",
  "name": "production",
  "created_at": "2026-02-01T00:00:00Z"
}

GET/api/auth/api-keysAUTH

List all API keys for the authenticated user. Key values are masked.

Response

{
  "keys": [
    {
      "id": "key_01",
      "name": "production",
      "masked_key": "origin_sk_...xyz",
      "created_at": "2026-02-01T00:00:00Z",
      "last_used": "2026-02-07T12:00:00Z"
    }
  ]
}

DELETE/api/auth/api-keysAUTH

Revoke an API key. This action is immediate and irreversible.

Parameters

Name	Type	Description
`key_id`*	string	The ID of the key to revoke

Magic Link Auth (Session)

POST/api/auth/login

Send a magic link to the provided email address.

Parameters

Name	Type	Description
`email`*	string	The user's email address

Response

{
  "message": "Magic link sent to your email."
}

POST/api/auth/verify

Verify a magic link token and establish a session.

Parameters

Name	Type	Description
`token`*	string	The magic link token from the email

Response

{
  "user": {
    "id": "user_01",
    "email": "user@example.com",
    "plan": "pro"
  }
}

GET/api/auth/session

Get the current session. Returns null if not authenticated.

Response

{
  "user": {
    "id": "user_01",
    "email": "user@example.com",
    "plan": "pro"
  }
}

POST/api/auth/logoutAUTH

Destroy the current session and clear cookies.