# Authentication

Page: https://microblog.dev/api/authentication/
API base URL: https://micro.blog

Sign in, registration, and token verification endpoints.

## Endpoints
### POST /account/signin

URL: `https://micro.blog/account/signin`

Sends a sign-in email for an existing account. App sign-in requests must include a registered app name and redirect URL.

Notes:
- Apps that use this sign-in flow must be registered with Micro.blog before sending `app_name` and `redirect_url`. Email [help@micro.blog](mailto:help@micro.blog) with the app name and redirect URL to request registration.




Query parameters:
- `email` (string, required): Email address for the account.
  Example: `example@example.com`
- `app_name` (string, optional): Name of the app requesting access.
  Example: `Micro.blog for Android`
- `redirect_url` (string, optional): Registered redirect URL for the app sign-in flow.
  Example: `microblog://signin/`
- `is_mobile` (integer, optional): Set to `1` for the mobile sign-in email flow.
  Example: `1`






Example request:

```sh
curl -X POST "https://micro.blog/account/signin?email=example%40example.com"
```

Response:
- Status: 200
- Content-Type: `application/json`
- Description: Returns an empty object on success.
Example response:

```json
{}
```

### POST /account/verify

URL: `https://micro.blog/account/verify`

Verifies an emailed sign-in or app token and returns account information plus the API token to use on authenticated requests.




Query parameters:
- `token` (string, required): Verification or access token.
  Example: `EF7BB9BCAC1F6D561C93`






Example request:

```sh
curl -X POST "https://micro.blog/account/verify?token=Bearer+EF7BB9BCAC1F6D561C93"
```

Response:
- Status: 200
- Content-Type: `application/json`
- Description: Returns user information and authentication token upon successful verification.
Response properties:

- `token` (string): Authentication token for subsequent API requests.
  Example: `EF7BBXXXXXX..`
  Important: Include this value in the `Authorization` header as `Bearer {token}` for authenticated API requests.
- `name` (string): The user's display name.
  Example: `Vincent`
- `username` (string): The user's username.
  Example: `vincent`
- `avatar` (string): URL to the user's avatar image.
  Example: `https://avatars.micro.blog/avatars/2025/39/3008.jpg`
- `bio` (string): The user's bio or description.
- `default_site` (string): The user's default Micro.blog site.
  Example: `vincent-social.micro.blog`
- `full_name` (string): The user's full name.
  Example: `Vincent`
- `gravatar_url` (string): URL to the user's Gravatar image.
  Example: `https://avatars.micro.blog/avatars/2025/39/3008.jpg`
- `has_site` (boolean): Whether the user has a Micro.blog site.
  Example: `true`
- `plan` (string): The user's current subscription plan.
  Example: `premium`
- `plans` (array of string): Array of subscription plans the user has access to.
  Example: `[premium]`
- `is_fullaccess` (boolean): Whether the user has full access features.
  Example: `true`
- `is_premium` (boolean): Whether the user has a premium subscription.
  Example: `true`
- `is_using_ai` (boolean): Whether the user is using AI features.

Example response:

```json
{
  "token": "EF7BBXXXXXX..",
  "name": "Vincent",
  "username": "vincent",
  "avatar": "https://avatars.micro.blog/avatars/2025/39/3008.jpg",
  "bio": "",
  "default_site": "vincent-social.micro.blog",
  "full_name": "Vincent",
  "gravatar_url": "https://avatars.micro.blog/avatars/2025/39/3008.jpg",
  "has_site": true,
  "plan": "premium",
  "plans": [
    "premium"
  ],
  "is_fullaccess": true,
  "is_premium": true,
  "is_using_ai": false
}

```

### POST /account/apple

URL: `https://micro.blog/account/apple`

Verifies a Sign in with Apple identity token and returns a temporary Micro.blog verification token.




Query parameters:
- `identity_token` (string, required): Apple identity token.
  Example: `APPLE_IDENTITY_TOKEN`
- `user_id` (string, required): Apple user identifier.
  Example: `001234.apple`
- `email` (string, optional): Email address.
  Example: `example@example.com`
- `full_name` (string, optional): Full display name.
  Example: `Vincent`
- `username` (string, optional): Micro.blog username.
  Example: `vincent`






Example request:

```sh
curl -X POST "https://micro.blog/account/apple?identity_token=APPLE_IDENTITY_TOKEN&user_id=001234.apple"
```

Response:
- Status: 200
- Content-Type: `application/json`
- Description: Returns a JSON response.
Example response:

```json
{
  "username": "vincent",
  "token": "EF7BB9BCAC1F6D561C93"
}
```

### POST /indieauth/approve

URL: `https://micro.blog/indieauth/approve`

Approves an IndieAuth authorization request and redirects to the client with a code.




Query parameters:
- `scope` (string, optional): Requested or granted scope string.
  Example: `profile read create update`






Example request:

```sh
curl -X POST "https://micro.blog/indieauth/approve"
```

Response:
- Status: 302
- Content-Type: `text/html`
- Description: Redirects to the registered redirect URI with `code` and `state`.
Example response:

```html
HTTP/1.1 302 Found
Location: https://example-app.com/callback?code=AUTHCODE&state=state123
```

### GET /indieauth/auth

URL: `https://micro.blog/indieauth/auth`

Starts the IndieAuth authorization flow and renders the authorization screen.




Query parameters:
- `me` (string, optional): Canonical user URL.
  Example: `https://example.micro.blog/`
- `client_id` (string, required): IndieAuth client ID URL.
  Example: `https://example-app.com/`
- `redirect_uri` (string, required): IndieAuth redirect URI.
  Example: `https://example-app.com/callback`
- `state` (string, optional): Opaque client state returned to the redirect URI.
  Example: `state123`
- `response_type` (string, optional): IndieAuth response type.
  Example: `code`
- `scope` (string, optional): Requested or granted scope string.
  Example: `profile read create update`
- `inkwell` (integer, optional): Set to `1` for Inkwell-specific authorization.
  Example: `1`






Example request:

```sh
curl -X GET "https://micro.blog/indieauth/auth?client_id=https%3A%2F%2Fexample-app.com%2F&redirect_uri=https%3A%2F%2Fexample-app.com%2Fcallback"
```

Response:
- Status: 200
- Content-Type: `text/html`
- Description: Returns the authorization screen.
Example response:

```html
<!doctype html>
<html>
  <body>IndieAuth authorization screen</body>
</html>
```

### POST /indieauth/auth

URL: `https://micro.blog/indieauth/auth`

Verifies an IndieAuth authorization code for clients that only need identity information.




Query parameters:
- `code` (string, required): Authorization code.
  Example: `AUTHCODE`
- `redirect_uri` (string, required): IndieAuth redirect URI.
  Example: `https://example-app.com/callback`
- `client_id` (string, required): IndieAuth client ID URL.
  Example: `https://example-app.com/`






Example request:

```sh
curl -X POST "https://micro.blog/indieauth/auth?code=AUTHCODE&redirect_uri=https%3A%2F%2Fexample-app.com%2Fcallback&client_id=https%3A%2F%2Fexample-app.com%2F"
```

Response:
- Status: 200
- Content-Type: `application/json`
- Description: Returns a JSON response.
Example response:

```json
{
  "me": "https://vincent.micro.blog/",
  "profile": {
    "name": "Vincent",
    "url": "https://vincent.micro.blog/",
    "photo": "https://avatars.micro.blog/avatars/2025/39/3008.jpg",
    "nickname": "vincent"
  }
}
```

### GET /indieauth/token

URL: `https://micro.blog/indieauth/token`

Introspects an IndieAuth bearer token and returns profile and scope information.






Header parameters:
- `Authorization` (string, required): Bearer token for authentication. Format: `Bearer {token}`.
  Example: `Bearer EF7BB9BCAC1F6D561C93`




Example request:

```sh
curl -X GET "https://micro.blog/indieauth/token" \
  --header "Authorization: Bearer EF7BB9BCAC1F6D561C93"
```

Response:
- Status: 200
- Content-Type: `application/json`
- Description: Returns a JSON response.
Example response:

```json
{
  "me": "https://vincent.micro.blog/",
  "client_id": "Example App",
  "scope": "profile read create update",
  "profile": {
    "name": "Vincent",
    "url": "https://vincent.micro.blog/",
    "photo": "https://avatars.micro.blog/avatars/2025/39/3008.jpg",
    "nickname": "vincent"
  }
}
```

### POST /indieauth/token

URL: `https://micro.blog/indieauth/token`

Exchanges an IndieAuth authorization code for profile information and, when requested, an access token.




Query parameters:
- `code` (string, required): Authorization code.
  Example: `AUTHCODE`
- `redirect_uri` (string, required): IndieAuth redirect URI.
  Example: `https://example-app.com/callback`
- `client_id` (string, required): IndieAuth client ID URL.
  Example: `https://example-app.com/`






Example request:

```sh
curl -X POST "https://micro.blog/indieauth/token?code=AUTHCODE&redirect_uri=https%3A%2F%2Fexample-app.com%2Fcallback&client_id=https%3A%2F%2Fexample-app.com%2F"
```

Response:
- Status: 200
- Content-Type: `application/json`
- Description: Returns a JSON response.
Example response:

```json
{
  "scope": "profile read create update",
  "me": "https://vincent.micro.blog/",
  "profile": {
    "name": "Vincent",
    "url": "https://vincent.micro.blog/",
    "photo": "https://avatars.micro.blog/avatars/2025/39/3008.jpg",
    "nickname": "vincent"
  },
  "token_type": "Bearer",
  "access_token": "EF7BB9BCAC1F6D561C93"
}
```