Developer API
Authentication
The API uses Grik account identity for key management and scoped developer API keys for production integrations.
#User tokens
Use device login for browserless clients, local Ricochet tooling, and account-owned key management.
/auth/device/codeCreate a device code, user code, verification URL, expiry, and polling interval.
/auth/device/tokenExchange an approved device code for access and refresh tokens.
/auth/refreshRotate a refresh token and receive a fresh access token.
/users/meReturn the authenticated user profile used for billing and ownership.
#Developer API keys
Use API keys for production server-side integrations. Keys are scoped and can be revoked.
/auth/api-keysIssue an organization API key such as grik_live_... for server-side integrations.
/auth/api-keysList active and revoked API keys without exposing the raw secret.
/auth/api-keys/:idRevoke an API key by id. Revoked keys fail authentication immediately.