Dashboard Authentication
Request access, log in, manage sessions, configure MFA, and manage account security.
All routes in this page live under https://app.pacspace.io/dashboard/auth.
POST https://app.pacspace.io/dashboard/auth/request-access
Public routes do not require authentication. Protected routes require a valid dashboard session cookie (-b pacspace-dashboard-cookies.txt).
Unsafe cookie-authenticated methods (POST, PUT, PATCH, DELETE) also include X-Pacspace-CSRF: 1.
Request Access
PacSpace accounts are approved before a tenant is created. Start with a request-access call. It always returns the same public response, even if the email already has a request.
curl -X POST https://app.pacspace.io/dashboard/auth/request-access \
-H "Content-Type: application/json" \
-d '{
"name": "Jane Doe",
"email": "jane@company.com",
"organization": "Acme Inc",
"buyerMode": "DIRECT_INFERENCE_VENDOR",
"useCase": "Record usage before monthly invoices go out."
}'
After approval, PacSpace sends a single-use approval token. Use that token to create the account.
curl -X POST https://app.pacspace.io/dashboard/auth/register \
-H "Content-Type: application/json" \
-d '{
"name": "Jane Doe",
"email": "jane@company.com",
"password": "SecurePass1",
"organization": "Acme Inc",
"buyerMode": "DIRECT_INFERENCE_VENDOR",
"approvalToken": "APPROVAL_TOKEN"
}'
Without an approved token, registration returns REGISTRATION_REQUIRES_APPROVAL and no tenant is created.
Login
Authenticate with email/password and establish an httpOnly dashboard session.
curl -X POST https://app.pacspace.io/dashboard/auth/login \
-c pacspace-dashboard-cookies.txt \
-H "Content-Type: application/json" \
-d '{
"email": "jane@company.com",
"password": "SecurePass1"
}'
If MFA is enabled and no MFA code is supplied, login returns:
{
"success": true,
"data": {
"requiresMfa": true,
"mfaTicket": "..."
},
"message": "MFA verification required"
}
Complete MFA Login
curl -X POST https://app.pacspace.io/dashboard/auth/login/mfa-verify \
-c pacspace-dashboard-cookies.txt \
-H "Content-Type: application/json" \
-d '{
"mfaTicket": "MFA_TICKET_FROM_LOGIN",
"code": "123456"
}'
Refresh Access Token
Rotate the httpOnly refresh cookie and issue a new httpOnly access cookie.
curl -X POST https://app.pacspace.io/dashboard/auth/refresh-token \
-b pacspace-dashboard-cookies.txt \
-c pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1"
Logout
Revoke the current httpOnly refresh cookie and clear the browser session.
curl -X POST https://app.pacspace.io/dashboard/auth/logout \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1"
The refresh token is read from the httpOnly cookie, not from JSON.
Verify Email
curl "https://app.pacspace.io/dashboard/auth/verify?token=VERIFICATION_TOKEN"
Resend Verification Email
curl -X POST https://app.pacspace.io/dashboard/auth/resend-verification-email \
-H "Content-Type: application/json" \
-d '{
"email": "jane@company.com"
}'
Password Recovery
Request Password Reset
curl -X POST https://app.pacspace.io/dashboard/auth/request-password-reset \
-H "Content-Type: application/json" \
-d '{
"email": "jane@company.com"
}'
Reset Password
curl -X POST https://app.pacspace.io/dashboard/auth/reset-password \
-H "Content-Type: application/json" \
-d '{
"token": "RESET_TOKEN",
"password": "NewSecurePass1"
}'
Change Password (Authenticated)
curl -X POST https://app.pacspace.io/dashboard/auth/change-password \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1" \
-H "Content-Type: application/json" \
-d '{
"currentPassword": "SecurePass1",
"newPassword": "EvenStronger2"
}'
Change Email
Request an email change (verification sent to the new address):
curl -X POST https://app.pacspace.io/dashboard/auth/change-email \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1" \
-H "Content-Type: application/json" \
-d '{
"newEmail": "new@company.com",
"currentPassword": "SecurePass1"
}'
Confirm the change:
curl "https://app.pacspace.io/dashboard/auth/verify-email-change?token=EMAIL_CHANGE_TOKEN"
Multi-Factor Authentication (MFA)
1) Generate Setup Secret
curl -X POST https://app.pacspace.io/dashboard/auth/mfa/setup \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1"
Returns setup material (shown once), including secret, otpauthUrl, and recoveryCodes.
2) Enable MFA
curl -X POST https://app.pacspace.io/dashboard/auth/mfa/enable \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1" \
-H "Content-Type: application/json" \
-d '{
"code": "123456"
}'
3) Disable MFA
curl -X POST https://app.pacspace.io/dashboard/auth/mfa/disable \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1" \
-H "Content-Type: application/json" \
-d '{
"currentPassword": "SecurePass1",
"code": "123456"
}'
User Profile And Preferences
Get Profile
curl https://app.pacspace.io/dashboard/auth/profile \
-b pacspace-dashboard-cookies.txt
Update Preferred Environment
curl -X PATCH https://app.pacspace.io/dashboard/auth/preferences \
-b pacspace-dashboard-cookies.txt \
-H "X-Pacspace-CSRF: 1" \
-H "Content-Type: application/json" \
-d '{
"preferredEnvironment": "sandbox"
}'
Endpoints Summary
| Endpoint | Method | Auth |
|---|---|---|
/dashboard/auth/register | POST | Public |
/dashboard/auth/login | POST | Public |
/dashboard/auth/login/mfa-verify | POST | Public |
/dashboard/auth/refresh-token | POST | Public |
/dashboard/auth/logout | POST | Session cookie |
/dashboard/auth/verify | GET | Public |
/dashboard/auth/resend-verification-email | POST | Public |
/dashboard/auth/request-password-reset | POST | Public |
/dashboard/auth/reset-password | POST | Public |
/dashboard/auth/change-password | POST | Session cookie |
/dashboard/auth/change-email | POST | Session cookie |
/dashboard/auth/verify-email-change | GET | Public |
/dashboard/auth/mfa/setup | POST | Session cookie |
/dashboard/auth/mfa/enable | POST | Session cookie |
/dashboard/auth/mfa/disable | POST | Session cookie |
/dashboard/auth/profile | GET | Session cookie |
/dashboard/auth/preferences | PATCH | Session cookie |