
Authentication

The API uses two authentication mechanisms depending on the endpoint.

Session cookies (user-facing endpoints)

Assessment and diagnostic endpoints require a logged-in user session. Sessions are established via the magic-link auth flow:

  1. Call POST /auth/request with the user’s email address.
  2. The API sends a magic link to that address.
  3. When the user clicks the link, GET /auth/callback validates the token and sets a mn_session cookie.
  4. Subsequent requests to session-protected endpoints send this cookie automatically.

Sessions expire after 30 days of inactivity. Call POST /auth/logout to invalidate a session explicitly.

POST /auth/request
Content-Type: application/json

{
  "email": "user@example.com"
}

Response:

{
  "ok": true,
  "message": "Magic link sent"
}

API keys (server-to-server endpoints)

The Style Lint endpoint uses Bearer token auth. Include the key in the Authorization header:

POST /v1/style/lint
Authorization: Bearer mnk_live_xxxxxxxxxxxxxxxxxxxxxx
Content-Type: application/json

API keys are issued per integration. Contact steven@multiplenatures.com to request a key.

Public endpoints

Books catalog (GET /books, GET /books/:sku) and Suggest (POST /suggest) require no authentication.

Current user

Once a session is active, you can retrieve the current user at any time:

GET /me
Cookie: mn_session=...

Response:

{
  "id": 42,
  "email": "user@example.com",
  "role": "user"
}
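
A client that talks to all three endpoint classes should attach only the credential each endpoint needs, so an API key is never sent to a user-facing route and a session cookie is never sent to a public one. The sketch below is an added example, not code from this API's maintainers; the host `api.example.invalid`, the helper names, and the rule that any unlisted path is treated as session-protected are assumptions.

```python
import json
import re
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder host, not from the page

# Endpoint classes as documented above. The two auth-flow entry points are
# listed as public because they run before any session exists (assumption).
PUBLIC = [("GET", r"/books"), ("GET", r"/books/[^/]+"), ("POST", r"/suggest"),
          ("POST", r"/auth/request"), ("GET", r"/auth/callback")]
API_KEY = [("POST", r"/v1/style/lint")]


def auth_class(method, path):
    """Return 'public', 'api_key' or 'session' for a method and path."""
    route = path.split("?", 1)[0]  # ignore any query string when matching
    for label, table in (("public", PUBLIC), ("api_key", API_KEY)):
        if any(m == method.upper() and re.fullmatch(p, route) for m, p in table):
            return label
    # Fail closed: anything not explicitly listed needs a session (assumption).
    return "session"


def build_request(method, path, body=None, api_key=None, session=None):
    """Build a urllib Request carrying only the credential the endpoint needs."""
    headers = {}
    kind = auth_class(method, path)
    if kind == "api_key":
        if not api_key:
            raise ValueError("API key required for " + path)
        headers["Authorization"] = "Bearer " + api_key
    elif kind == "session":
        if not session:
            raise ValueError("mn_session cookie required for " + path)
        headers["Cookie"] = "mn_session=" + session
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"
    return urllib.request.Request(BASE_URL + path, data=data,
                                  headers=headers, method=method.upper())
```

Pass the result to `urllib.request.urlopen` to send it. Load the API key from the environment or a secret store rather than embedding it in source.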