Auth

Login

get

Initiate Google OAuth login flow

Args:
  redirect_uri: Frontend callback URL
  team_id: Optional team context to include in JWT (will be validated)

Returns: Redirect to Google OAuth consent screen

Query parameters
redirect_uri (string, required)
team_id (string or null, optional): Requested team context for JWT

Responses
200: Successful Response (application/json)
Response: any

GET /v1/auth/login

Callback

post

Handle OAuth callback and exchange code for JWT token

Args: request: Authorization code from Google plus optional state

Returns: JWT token and user context

Body
code (string, required)
state (string or null, optional)
redirect_uri (string, required)

Responses
200: Successful Response (application/json)

POST /v1/auth/callback

Callback Preflight

options
Responses
200: Successful Response (application/json)
Response: any

OPTIONS /v1/auth/callback

Get Me

get

Get current user context with org/team/project names and profile info.

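Performance optimized: all data is embedded in the JWT during login, so this endpoint makes no database queries and is lightning fast. The returned roles and permissions are therefore the ones carried in the token, as of when it was issued.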

Returns: Current user context with roles, permissions, display names, and profile picture

Header parameters
authorization (string or null, optional)
X-Atlas-API-Key (string or null, optional)

Responses
200: Successful Response (application/json)

GET /v1/auth/me

Switch Context

post

Switch team/project context

DISABLED FOR MULTI-DOMAIN ARCHITECTURE

In a multi-domain setup, each team has its own domain (e.g., team-a.example.com, team-b.example.com). Users should access the team's specific domain directly rather than switching contexts.

To access a different team:

  1. Logout from current domain

  2. Navigate to the target team's domain

  3. Login with that team's context

Args: request: New team_id and/or project_id

Returns: Error indicating team switching is not supported

Header parameters
authorization (string or null, optional)
X-Atlas-API-Key (string or null, optional)

Body
team_id (string or null, optional)
project_id (string or null, optional)

Responses
200: Successful Response (application/json)

POST /v1/auth/switch-context

Refresh Token

post

Refresh access token using refresh token

Args: request: Refresh token

Returns: New access token

Body
refresh_token (string, required)

Responses
200: Successful Response (application/json)

POST /v1/auth/refresh

Logout

post

Logout user

Logs logout event for audit trail. In the future, this endpoint can be extended to:

  • Invalidate tokens (token blacklist)

  • Clear server-side sessions

  • Log security events

Args: current_user: Current authenticated user from JWT token

Returns: Success message

Header parameters
authorization (string or null, optional)
X-Atlas-API-Key (string or null, optional)

Responses
200: Successful Response (application/json)
Response: any

POST /v1/auth/logout

SSO Login Page

get

SSO Login Page - Opens in popup, handles entire OAuth flow.

This endpoint renders a login page that:

  1. Shows "Sign in with Google" button

  2. Redirects to Google OAuth

  3. On success, sends token via postMessage to opener window

  4. Closes popup automatically

Usage (Consumer UI):

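// Origin of the auth service (assumes the callback page that posts the token
// is served from the same host as /v1/auth/sso)
const AUTH_ORIGIN = 'https://auth-guard.run.app';

// Open SSO popup
const popup = window.open(
    AUTH_ORIGIN + '/v1/auth/sso?origin=' + encodeURIComponent(window.location.origin),
    'Atlas SSO',
    'width=500,height=600'
);

// Listen for auth result
window.addEventListener('message', (event) => {
    // Accept the token only from the auth service's origin and from the popup we opened
    if (event.origin !== AUTH_ORIGIN || event.source !== popup) return;
    if (event.data && event.data.type === 'ATLAS_AUTH_SUCCESS') {
        const { token, user } = event.data;
        localStorage.setItem('auth_token', token);
        // User is logged in!
    }
});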

Args:
  origin: Consumer app origin (e.g., https://myapp.turing.com)
  team_id: Optional team ID for team-specific login

Returns: HTML login page

Query parameters
origin (string, required): Origin URL of the consumer app (for postMessage)
team_id (string or null, optional): Optional team ID for team-specific login
project_id (string or null, optional): Optional project ID for project-specific login (requires team_id)

Responses
200: Successful Response (text/html)
Response: string

GET /v1/auth/sso
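
The origin parameter decides which window receives the token in step 3, so the value has to be validated before it is used as the postMessage target. The following is an added example of that check, not the service's own code; ALLOWED_ORIGINS, resolveTargetOrigin and buildPostMessageScript are hypothetical names, and the allowlist entries are constructed samples.

```javascript
// Added example. ALLOWED_ORIGINS, resolveTargetOrigin and buildPostMessageScript
// are hypothetical names; they are not part of the documented API.
const ALLOWED_ORIGINS = new Set([
  'https://myapp.turing.com',   // example origin quoted in the Args above
  'https://team-a.example.com', // constructed sample entry
]);

// Return the normalized origin to use as the postMessage targetOrigin,
// or null when the supplied `origin` query parameter must be rejected.
function resolveTargetOrigin(originParam, allowed = ALLOWED_ORIGINS) {
  if (typeof originParam !== 'string' || originParam.length > 2048) return null;
  let url;
  try {
    url = new URL(originParam);
  } catch {
    return null; // not an absolute URL ('*', 'null', empty string, ...)
  }
  if (url.protocol !== 'https:') return null;         // no http:, javascript:, data:
  if (url.username || url.password) return null;      // https://trusted@other-host
  if (url.pathname !== '/' || url.search || url.hash) return null; // bare origin only
  // url.origin is normalized: lowercased host, default port dropped.
  return allowed.has(url.origin) ? url.origin : null;
}

// Build the inline script for the callback page. The token is only ever posted
// to a validated origin, never to '*'.
function buildPostMessageScript(targetOrigin, payload) {
  if (typeof targetOrigin !== 'string' || targetOrigin === '*') {
    throw new Error('refusing to post a token without a validated origin');
  }
  // JSON.stringify quotes the values; escaping '<' keeps a value from closing
  // the surrounding <script> element.
  const data = JSON.stringify({ ...payload, type: 'ATLAS_AUTH_SUCCESS' })
    .replace(/</g, '\\u003c');
  return `window.opener.postMessage(${data}, ${JSON.stringify(targetOrigin)});` +
    ' window.close();';
}
```

A rejected origin should end the flow before the redirect to Google, so no authorization code is ever issued for a window the service does not trust.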

SSO Callback

get

SSO Callback - Internal endpoint for OAuth callback.

This endpoint:

  1. Exchanges authorization code for tokens

  2. Creates/updates user in database

  3. Generates JWT

  4. Returns HTML that sends postMessage to opener window

This is called by Google OAuth redirect, not by consumer apps directly.

Query parameters
code (string, required)
state (string, required)

Responses
200: Successful Response (text/html)
Response: string

GET /v1/auth/sso/callback
