Storywrangler
Navigation
Claude generated — content in progress

Authentication

The Storywrangler API uses API key authentication. Accounts are created by an admin — you cannot self-register. Once your account exists, you exchange your credentials for an API key and use it as a Bearer token on all authenticated requests.

Get your API key

Once your account exists, POST your credentials to /auth/login. The response includes your permanent api_key.

curl -X POST http://localhost:8000/auth/login \
  -H 'Content-Type: application/json' \
  -d '{"username": "alice", "password": "secret"}'

Response:

{
  "id": 1,
  "username": "alice",
  "email": "alice@uvm.edu",
  "role": "user",
  "api_key": "sk_abc123...",
  "is_active": true
}

Save your api_key — this is the token you'll use for every subsequent request.

Use your API key

Pass the key as a Bearer token in the Authorization header:

curl http://localhost:8000/auth/me \
  -H 'Authorization: Bearer sk_abc123...'

With the SDK:

from storywrangler import Storywrangler

client = Storywrangler(api_key="sk_abc123...")
client.registry.register(dataset)

Roles

Role What it can do
user Register and update datasets. Query all public endpoints.
admin Everything a user can do, plus create accounts, manage roles, and access /admin/* endpoints.

Admin bootstrap

A single admin account is seeded automatically on first server startup using environment variables:

ADMIN_USERNAME=admin
ADMIN_PASSWORD=changeme
ADMIN_EMAIL=admin@example.com

The generated API key is printed to the server log on first boot. Use it to provision the first real accounts.

Verify your token

curl http://localhost:8000/auth/me \
  -H 'Authorization: Bearer <your-api-key>'

Returns your user profile, or 401 Unauthorized if the key is invalid or your account has been deactivated.