Authentication
Authentication method
Section titled “Authentication method”Sicket currently uses JWT bearer tokens.
Send:
Authorization: Bearer <token>Login flow
Section titled “Login flow”Typical dashboard login:
POST /api/auth/login- receive JWT token
- send token on subsequent authenticated requests
Realtime note
Section titled “Realtime note”Realtime uses authenticated Server-Sent Events.
Because native browser EventSource does not support custom Authorization headers, browser clients should use a fetch-based SSE client when connecting to:
GET /api/realtime/events
Future public API note
Section titled “Future public API note”If Sicket opens a customer-facing public API later, this site should document whether those endpoints continue using bearer tokens or move to API keys / OAuth.