API reference
REST API endpoints for integrating WRNexus authentication and workspace data into your own applications.
The WRNexus API is a REST API accessible at https://sso.wrnexus.com/api
(auth) and https://account.wrnexus.com/api (account & workspace data).
All requests must be authenticated with an API key passed in the
Authorization header:
Authorization: Bearer wrn_live_<your_api_key>
Generate API keys from Account → Developer → API keys.
Authentication endpoints
POST /api/auth/login
Authenticate with email and password.
Request body:
    {
      "email": "user@example.com",
      "password": "s3curepassw0rd"
    }
Response 200 OK:
    {
      "ok": true,
      "data": {
        "session": {
          "id": "sess_01HVZXXX",
          "userId": "usr_01HVZYYY",
          "expiresAt": "2025-09-01T00:00:00Z"
        }
      }
    }
POST /api/auth/logout
Revoke the current session.
Response 204 No Content — no body.
GET /api/auth/session
Return the session and user data for the current session cookie.
Response 200 OK:
    {
      "ok": true,
      "data": {
        "user": { "id": "usr_01HVZYYY", "email": "user@example.com", "name": "Ada Lovelace" },
        "session": { "id": "sess_01HVZXXX", "expiresAt": "2025-09-01T00:00:00Z" },
        "workspace": { "id": "ws_01HVZZZZ", "slug": "my-team", "plan": "pro" }
      }
    }
Workspace endpoints
GET /api/workspaces
List all workspaces the authenticated user is a member of.
GET /api/workspaces/:id
Return a single workspace by ID.
POST /api/workspaces
Create a new workspace.
Request body:
    {
      "slug": "my-new-workspace",
      "displayName": "My New Workspace"
    }
Error responses
All errors follow the same shape:
    {
      "ok": false,
      "error": {
        "code": "AUTH_INVALID_CREDENTIALS",
        "message": "Email or password is incorrect."
      }
    }
Common error codes:
| Code | HTTP Status | Description |
|---|---|---|
| AUTH_INVALID_CREDENTIALS | 401 | Wrong email or password |
| AUTH_SESSION_EXPIRED | 401 | Session has expired |
| AUTH_MFA_REQUIRED | 403 | MFA step required |
| FORBIDDEN | 403 | Insufficient permissions |
| NOT_FOUND | 404 | Resource not found |
| RATE_LIMITED | 429 | Too many requests |
| VALIDATION_ERROR | 422 | Invalid request body |
Rate limiting
Auth endpoints are limited to 10 requests per minute per IP. The
Retry-After header indicates when you may retry. Workspace and account
endpoints allow 120 requests per minute per API key.
Pagination
List endpoints accept ?limit= (max 100, default 20) and ?cursor= for
cursor-based pagination. The response includes a nextCursor field when more
results are available.
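The following Python example is added here and is not WRNexus code. It walks a list endpoint using the error shape, the RATE_LIMITED / Retry-After behaviour and the cursor pagination described above. The `send` transport, the item list sitting under `data`, `nextCursor` being a top-level field, and Retry-After being a number of seconds are all assumptions.

```python
import time

class ApiError(Exception):
    def __init__(self, status, code, message):
        super().__init__(f"{status} {code}: {message}")
        self.status, self.code = status, code

def list_all(send, path, limit=100, max_retries=3, sleep=time.sleep):
    """Collect every item from a list endpoint such as /api/workspaces.

    send(path, params) -> (status, headers, body) is a hypothetical transport
    that sets the Authorization: Bearer header and decodes the JSON body.
    """
    if not 1 <= limit <= 100:                    # documented maximum is 100
        raise ValueError("limit must be between 1 and 100")
    items, cursor, seen, retries = [], None, set(), 0
    while True:
        params = {"limit": limit}
        if cursor:
            params["cursor"] = cursor
        status, headers, body = send(path, params)
        if not body.get("ok"):
            err = body.get("error", {})
            if err.get("code") == "RATE_LIMITED" and retries < max_retries:
                retries += 1
                # Assumption: Retry-After carries a number of seconds.
                sleep(int(headers.get("Retry-After", "1")))
                continue                         # repeat the same page
            raise ApiError(status, err.get("code", "UNKNOWN"), err.get("message", ""))
        retries = 0
        items.extend(body["data"])               # assumption: "data" is the page's list
        cursor = body.get("nextCursor")          # assumption: top-level field
        if not cursor:
            return items
        if cursor in seen:                       # CURSOR_LOOP is a client-side code, not the API's
            raise ApiError(status, "CURSOR_LOOP", "server repeated a cursor")
        seen.add(cursor)

def fake_send(script):
    """Constructed transport that replays canned responses, for offline runs."""
    replies = iter(script)
    return lambda path, params: next(replies)

SAMPLE = [  # constructed responses, not captured from the real service
    (200, {}, {"ok": True, "data": [{"id": "ws_A"}], "nextCursor": "c1"}),
    (429, {"Retry-After": "2"}, {"ok": False, "error": {"code": "RATE_LIMITED", "message": "Too many requests"}}),
    (200, {}, {"ok": True, "data": [{"id": "ws_B"}]}),
]
```

Passing `sleep` as a parameter lets the wait be recorded instead of performed when replaying `SAMPLE`; the bounded `max_retries` keeps a client from hammering an endpoint that keeps answering 429.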
See also
- Webhooks — verify and consume Stripe billing events forwarded by WRNexus.
- Authentication — recommended MFA and session settings before generating production API keys.