Authentication

The following authentication method is only for self-hosted Umami. For Umami Cloud, you simply need to generate an API key.

POST /api/auth/login

First you need to get a token in order to make API requests. You need to make a POST request to the /api/auth/login endpoint with the following data:

{
  "username": "your-username",
  "password": "your-password"
}

If successful you should get a response like the following:

{
    "token": "eyTMjU2IiwiY...4Q0JDLUhWxnIjoiUE_A",
    "user": {
        "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "username": "admin",
        "role": "admin",
        "createdAt": "2000-00-00T00:00:00.000Z",
        "isAdmin": true
    }
}

Save the token value and send an Authorization header with all your data requests with the value Bearer <token>. Your request header should look something like this:

Authorization: Bearer eyTMjU2IiwiY...4Q0JDLUhWxnIjoiUE_A

For example, with curl it would look like this:

curl https://{yourserver}/api/websites
   -H "Accept: application/json"
   -H "Authorization: Bearer <token>"

The authorization token is expected with every API call that requires permissions.

POST /api/auth/verify

You can verify if the token is still valid.

Sample response

{
    "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "username": "admin",
    "role": "admin",
    "createdAt": "2000-00-00T00:00:00.000Z",
    "isAdmin": true
}

Overview

Previous Page

Me

Next Page

On this page

POST /api/auth/loginPOST /api/auth/verify