Authentication & accounts
Your app's end-users sign up and log in through the /account service. A
successful login returns a session; the client sends it back on every request (the SDK
handles this automatically via a cookie, or you pass the secret in X-Appwrite-Session).
Sign up & log in
# Create an account
curl -X POST "https://base.finiteskills.com/v1/account" -H "X-Appwrite-Project: <YOUR_PROJECT_ID>" \
-H "Content-Type: application/json" \
-d '{"userId":"unique()","email":"user@example.com","password":"password123","name":"Jane"}'
# Create a session (log in)
curl -X POST "https://base.finiteskills.com/v1/account/sessions/email" -H "X-Appwrite-Project: <YOUR_PROJECT_ID>" \
-H "Content-Type: application/json" \
-d '{"email":"user@example.com","password":"password123"}'
Read the current account with GET /account, list sessions, and log out with
DELETE /account/sessions/current.
Login methods
- Email + password —
POST /account/sessions/email. - Anonymous —
POST /account/sessions/anonymous; later upgrade withPATCH /account/emailto attach an email + password. - Magic link —
POST /account/tokens/magic-urlemails a link; complete withPOST /account/sessions/token. - Email OTP —
POST /account/tokens/emailsends a 6-digit code. - Phone OTP —
POST /account/tokens/phone(requires an SMS gateway to be configured for the deployment). - OAuth / OIDC —
GET /account/sessions/oauth2/{provider}for Google, GitHub, or a generic OIDC provider your project admin configures.
Two-factor (TOTP)
A signed-in user can enable authenticator-app 2FA:
POST /account/mfa/totp -> { secret, uri } (show the uri as a QR code)
PUT /account/mfa/totp -> { recoveryCodes } (verify a 6-digit code to enable)
# Afterwards, email login also requires an `otp` field:
POST /account/sessions/email { email, password, otp }
Email verification & password reset
POST /account/verifications/email sends a verification link;
POST /account/recovery starts a password reset. When the deployment has email configured, the
link is emailed; otherwise the token is returned in the response for your app to deliver.
JWTs for your own backend
POST /account/jwt returns a short-lived JWT the client can forward to your backend, which
passes it to FiniteBase as X-Appwrite-JWT to act as that user.