Authentication
Session Authentication
The primary authentication method is session-based via NextAuth. When signed in through the web application, API requests from the same browser session are automatically authenticated via cookies.
API Key Authentication
Organization administrators can create REST API keys for programmatic access. Keys follow the format thig_ + 40 hexadecimal characters.
Include the API key in the Authorization header:
curl -H "Authorization: Bearer thig_a1b2c3d4e5f6..." \
https://app.thig.ai/api/projects
All 225+ API endpoints support API key authentication — no special configuration needed per endpoint.
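Because keys have a fixed shape (thig_ followed by 40 hexadecimal characters), a leaked key can be found in files before commit and masked in log output. The script below is an added example, not part of the thig.ai documentation or product; the function names, the constructed sample key in the comments, and the assumption that hex digits may be upper or lower case are illustrative.

```shell
#!/bin/sh
# Added example: detect and redact strings shaped like thig API keys.
# Key shape taken from the page: "thig_" + 40 hexadecimal characters.
# Assumption: hex digits may be either case. The boundary groups keep
# placeholders such as thig_EXISTING_KEY or thig_a1b2c3d4e5f6... from matching.
THIG_KEY_RE='(^|[^0-9A-Za-z_])thig_[0-9a-fA-F]{40}([^0-9A-Za-z]|$)'

# scan_thig_keys FILE...
# Prints "file:line: possible thig API key" per hit and never echoes the key.
# Returns 0 when no key-shaped string is found, 1 otherwise.
scan_thig_keys() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # -I skips binary files; cut keeps only the line number, not the secret
        hits=$(grep -nIE "$THIG_KEY_RE" "$f" | cut -d: -f1) || true
        for n in $hits; do
            echo "$f:$n: possible thig API key"
            found=1
        done
    done
    return $found
}

# redact_thig_keys: filter stdin to stdout, masking each key but keeping the
# last 4 characters so a finding can be matched to a key in Settings > Developer.
# Constructed sample: thig_0123456789abcdef0123456789abcdef01234567
#                  -> thig_****4567
redact_thig_keys() {
    sed -E 's/thig_[0-9a-fA-F]{36}([0-9a-fA-F]{4})/thig_****\1/g'
}

# When called with file names (for example from a pre-commit hook),
# scan them and exit non-zero on any finding.
if [ "$#" -gt 0 ]; then
    scan_thig_keys "$@"
fi
```
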
Key Management
Create and manage API keys at Settings > Developer (/admin/settings/developer) or via the API:
# Create a key
curl -X POST https://app.thig.ai/api/admin/rest-api-keys \
-H "Authorization: Bearer thig_EXISTING_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "CI/CD Pipeline", "expiresAt": "2027-01-01T00:00:00Z"}'
# List keys
curl -H "Authorization: Bearer thig_YOUR_KEY" \
https://app.thig.ai/api/admin/rest-api-keys
Rate Limits
API keys are rate-limited to 60 requests per minute by default. Enterprise plans can configure custom per-key limits.
Plan Availability
| Plan | API Keys |
|---|---|
| Free | Not available |
| Starter | 2 keys |
| Professional | 10 keys |
| Enterprise | Unlimited |
Auth Endpoints
Register
Password (min 8 chars, must include uppercase, lowercase, and digit)
IANA timezone string (e.g., “America/New_York”)
Optional invitation token to join an organization
curl -X POST https://app.thig.ai/api/auth/register \
-H "Content-Type: application/json" \
-d '{
"name": "Jane Doe",
"email": "jane@example.com",
"password": "SecurePass1",
"timezone": "America/New_York"
}'
Sign Out
curl -X POST https://app.thig.ai/api/auth/sign-out \
-H "Cookie: next-auth.session-token=YOUR_SESSION"
Forgot Password
curl -X POST https://app.thig.ai/api/auth/forgot-password \
-H "Content-Type: application/json" \
-d '{"email": "jane@example.com"}'
Reset Password
curl -X POST https://app.thig.ai/api/auth/reset-password \
-H "Content-Type: application/json" \
-d '{
"token": "reset-token-from-email",
"password": "NewSecurePass1",
"confirmPassword": "NewSecurePass1"
}'
Change Password (Authenticated)
curl -X POST https://app.thig.ai/api/auth/change-password \
-H "Content-Type: application/json" \
-H "Cookie: next-auth.session-token=YOUR_SESSION" \
-d '{"currentPassword": "OldPass1", "newPassword": "NewPass1"}'
Verify Email
curl "https://app.thig.ai/api/auth/verify-email?token=verification-token-from-email"
Resend Verification Email
curl -X POST https://app.thig.ai/api/auth/resend-verification \
-H "Content-Type: application/json" \
-d '{"email": "jane@example.com"}'
Permissions
API access respects your organization role:
| Role | Access Level |
|---|---|
| Owner | Full access to all resources and settings |
| Admin | Manage team, templates, and settings |
| Member | Create and manage own projects |
| Viewer | Read-only access to shared projects |
Security
- Account lockout after 5 failed login attempts (15-minute lockout, 30-minute reset)
- Rate limiting on auth endpoints to prevent brute force
- Passwords hashed with bcryptjs
- API keys encrypted at rest with AES-256-GCM
Share Token Authentication
Some endpoints support unauthenticated access via share tokens for external collaboration:
curl -H "x-share-token: SHARE_TOKEN" \
-H "x-share-password: OPTIONAL_PASSWORD" \
https://app.thig.ai/api/projects/PROJECT_ID
Supported on: project detail, PRD content, status history, and activity endpoints.