Every PingBack API request must include a valid Bearer token in the Authorization header. You get this token by registering or logging in. PingBack also supports signing in with Google.
Register
Create a new account by sending your email address, full name, and a password. Passwords must be at least 8 characters.
POST /api/v1/auth/register
curl -X POST https://api.pingback.live/api/v1/auth/register \
-H "Content-Type: application/json" \
-d '{
"email": "you@example.com",
"full_name": "Ada Lovelace",
"password": "supersecret123"
}'
const response = await fetch("https://api.pingback.live/api/v1/auth/register", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
email: "you@example.com",
full_name: "Ada Lovelace",
password: "supersecret123",
}),
});
const { access_token } = await response.json();
Request body
Your email address. Must be a valid email format.
Your display name shown in the PingBack dashboard.
Must be at least 8 characters.
Response
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer"
}
The JWT you’ll include in every subsequent request.
Log in
If you already have an account, exchange your email and password for a token.
POST /api/v1/auth/login
curl -X POST https://api.pingback.live/api/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"email": "you@example.com",
"password": "supersecret123"
}'
const response = await fetch("https://api.pingback.live/api/v1/auth/login", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
email: "you@example.com",
password: "supersecret123",
}),
});
const { access_token } = await response.json();
Request body
The email address you registered with.
Response
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer"
}
Authenticate requests
Pass your token in the Authorization header on every protected API call:
Authorization: Bearer <your_access_token>
Never expose your token in client-side JavaScript, public repositories, or log output. Treat it like a password. If you believe a token has been compromised, log out to invalidate it and log in again to get a new one.
Example authenticated request
curl https://api.pingback.live/api/v1/auth/me \
-H "Authorization: Bearer <your_access_token>"
Verify your token
Call GET /api/v1/auth/me to confirm your token is valid and to retrieve your user profile and workspace context.
GET /api/v1/auth/me
curl https://api.pingback.live/api/v1/auth/me \
-H "Authorization: Bearer <your_access_token>"
const response = await fetch("https://api.pingback.live/api/v1/auth/me", {
headers: {
Authorization: `Bearer ${accessToken}`,
},
});
const context = await response.json();
Response
{
"user": {
"id": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"email": "you@example.com",
"full_name": "Ada Lovelace",
"is_verified": true,
"is_google_account": false,
"avatar_url": null
},
"business": {
"id": "8e4a1b2c-3d5f-4e6a-9b7c-1d2e3f4a5b6c",
"name": "Acme Support",
"website": "https://acme.com",
"industry": "E-commerce",
"team_size": "1-10",
"goal": "Improve customer response time",
"created_at": "2026-04-05T10:00:00Z"
},
"onboarding_complete": true,
"team_role": "owner"
}
Your unique user identifier.
The email address on your account.
Whether your email address has been verified.
true if you signed in with Google OAuth.
Your workspace details. null if you haven’t created a workspace yet.
true once you’ve created a workspace. Use this to gate onboarding UI.
Your role in the workspace — "owner" or a team member role. null if no workspace exists yet.
Sign in with Google
PingBack supports Google OAuth as an alternative to email and password. Pass the Google ID token from your frontend OAuth flow to:
POST /api/v1/auth/google
curl -X POST https://api.pingback.live/api/v1/auth/google \
-H "Content-Type: application/json" \
-d '{
"id_token": "<google_id_token>"
}'
The response is identical to email login — you receive an access_token to use as a Bearer token.
Error responses
| Status | Meaning |
|---|
401 Unauthorized | Token is missing, expired, or invalid. Check that you included the Authorization: Bearer header and that the token hasn’t expired. |
422 Unprocessable Entity | Request body failed validation. Check that email is a valid email address and password is at least 8 characters. |
401 example
{
"detail": "Missing bearer token"
}
422 example
{
"detail": [
{
"loc": ["body", "password"],
"msg": "Password must be at least 8 characters",
"type": "value_error"
}
]
}
If you receive a 401 on a request you expect to succeed, call GET /api/v1/auth/me first to confirm your token is still valid. If that also returns 401, log in again to get a fresh token.