# AuthShore — Managed Auth Infrastructure for SaaS
# https://authshore.ai
# Version: 2.1.3
# For coding agents: Claude Code, Cursor, Cline, Windsurf, Aider, Codex

## Quick Reference

All requests require: X-API-Key: ${AUTHSHORE_API_KEY}
Base URL: https://authshore.ai

## Authentication
POST /api/v1/auth/signup — Create user { email, password, userPoolId? }
POST /api/v1/auth/signin — Sign in { email, password }
POST /api/v1/auth/forgot-password — Request reset { email }
POST /api/v1/auth/reset-password — Complete reset { token, newPassword }

## User Pools (Cognito-compatible SDK)
POST /api/v1/sdk/cognito/pools — Create pool { name, passwordPolicy, mfaSettings }
GET /api/v1/sdk/cognito/pools — List pools
GET /api/v1/sdk/cognito/pools/:id — Get pool
PATCH /api/v1/sdk/cognito/pools/:id — Update pool
DELETE /api/v1/sdk/cognito/pools/:id — Delete pool (must be empty)
POST /api/v1/sdk/cognito/pools/:id/users — Add user to pool
GET /api/v1/sdk/cognito/pools/:id/users — List pool users
POST /api/v1/sdk/cognito/pools/:id/auth/signup — Signup in pool
POST /api/v1/sdk/cognito/pools/:id/auth/signin — Signin in pool
POST /api/v1/sdk/cognito/pools/:id/groups — Create group
GET /api/v1/sdk/cognito/pools/:id/groups — List groups
POST /api/v1/sdk/cognito/pools/:id/groups/:gid/users — Add user to group

## Secrets Vault (Encrypted Credentials)
POST /api/v1/sdk/secrets — Store secret { key, value, environment?, folder? }
GET /api/v1/sdk/secrets — List secrets
GET /api/v1/sdk/secrets/:id — Read secret (decrypted)
PATCH /api/v1/sdk/secrets/:id — Update secret (creates new version)
DELETE /api/v1/sdk/secrets/:id — Delete secret
GET /api/v1/sdk/secrets/:id/versions — List versions
POST /api/v1/sdk/secrets/:id/rollback — Rollback to version
GET /api/v1/sdk/secrets/stats — Vault statistics
GET /api/v1/sdk/secrets/folders — List folders
GET /api/v1/sdk/secrets/environments — List environments
POST /api/v1/sdk/secrets/import — Bulk import (.env format)
POST /api/v1/sdk/secrets/export — Export as .env

## Token Management
GET /api/v1/tokens — List tokens
POST /api/v1/tokens/validate — Validate JWT
POST /api/v1/tokens/refresh — Refresh token pair
POST /api/v1/tokens/revoke — Revoke token
GET /api/v1/tokens/stats — Token statistics
DELETE /api/v1/tokens/:id — Delete token

## Admin
GET /api/v1/users — List users
GET /api/v1/customers — List customers
GET /api/v1/admin/stats — Platform statistics
GET /api/v1/admin/users — Admin user list
GET /api/v1/admin/audit-log — Audit trail

## Status
GET /api/v1/status/health — Component health
GET /api/v1/status/components — All components
GET /api/v1/status/incidents — Recent incidents
GET /api/v1/status/metrics — Performance metrics

## System
GET /health — Server health check
GET /api/v1/info — Platform info
GET /api/v1/saas-instances — List SaaS instances

## Cookie Consent (GDPR/CCPA)
POST /api/cookie-consent/consent — Record consent
GET /api/cookie-consent/consent — Get consent status
GET /api/cookie-consent/banner — Get banner config
POST /api/cookie-consent/withdraw — Withdraw consent

## Key Concepts
- User Pools: Cognito-compatible containers for end-user identities
- Per-project JWT secrets: each SaaS tenant has isolated signing keys
- Secrets vault: AES-256 encrypted, versioned, with rollback
- Predictable pricing: flat-rate, no per-MAU charges
- Password hash export: full data portability (bcrypt hashes exportable)
- Multi-tenant: each SaaS instance is fully isolated

## Pricing
- Free: $0/mo + $1 verification (1 pool, 100 users, 25 secrets)
- Starter: $29/mo (5 pools, 1K users, 200 secrets)
- Professional: $99/mo (unlimited pools, 10K users, 2K secrets)
- Enterprise: Custom

## Links
- Quickstart: https://authshore.ai/docs/quickstart.html
- API Docs: https://authshore.ai/docs
- Status: https://authshore.ai/health