Root user programmatic signin

curl --request POST \
  --url https://{notifuseDomain}/api/user.rootSignin \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "[email protected]",
  "timestamp": 1735600000,
  "signature": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456"
}
'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoidXNyXzEyMzQ1Njc4OTAiLCJzZXNzaW9uX2lkIjoic2VzXzEyMzQ1Njc4OTAiLCJleHAiOjE3MzU2ODY0MDB9.signature",
  "user": {
    "id": "usr_1234567890",
    "email": "[email protected]",
    "name": "Admin User",
    "created_at": "2025-01-01T00:00:00Z",
    "updated_at": "2025-01-01T00:00:00Z"
  },
  "expires_at": "2025-01-01T12:00:00Z"
}

Authentication

Root user programmatic signin

Authenticates the root user using HMAC signature for programmatic access. This endpoint is designed for automation scenarios like Infrastructure-as-Code deployments, CI/CD pipelines, and automated testing where magic link authentication is impractical.

Security Features:

HMAC-SHA256 signature verification using the application’s secret key
60-second timestamp window to prevent replay attacks
Rate limited to 5 attempts per 5 minutes per email
Only works for the configured root email address

How to generate the signature:

SECRET_KEY="your-notifuse-secret-key"
ROOT_EMAIL="[email protected]"
TIMESTAMP=$(date +%s)
MESSAGE="${ROOT_EMAIL}:${TIMESTAMP}"
SIGNATURE=$(echo -n "$MESSAGE" | openssl dgst -sha256 -hmac "$SECRET_KEY" | awk '{print $2}')

POST

api

user.rootSignin

Root user programmatic signin

curl --request POST \
  --url https://{notifuseDomain}/api/user.rootSignin \
  --header 'Content-Type: application/json' \
  --data '
{
  "email": "[email protected]",
  "timestamp": 1735600000,
  "signature": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456"
}
'

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoidXNyXzEyMzQ1Njc4OTAiLCJzZXNzaW9uX2lkIjoic2VzXzEyMzQ1Njc4OTAiLCJleHAiOjE3MzU2ODY0MDB9.signature",
  "user": {
    "id": "usr_1234567890",
    "email": "[email protected]",
    "name": "Admin User",
    "created_at": "2025-01-01T00:00:00Z",
    "updated_at": "2025-01-01T00:00:00Z"
  },
  "expires_at": "2025-01-01T12:00:00Z"
}

Body

application/json

Request payload for root user programmatic signin using HMAC signature

string<email>

required

The root user's email address (must match configured ROOT_EMAIL)

Example:

"[email protected]"

timestamp

integer<int64>

required

Unix timestamp (seconds since epoch). Must be within 60 seconds of server time.

Example:

1735600000

signature

string

required

HMAC-SHA256 signature computed as: HMAC-SHA256(email + ":" + timestamp, SECRET_KEY) The signature should be hex-encoded.

Example:

"a1b2c3d4e5f6..."

Response

Authentication successful

Successful authentication response containing JWT token and user details

token

string

required

JWT authentication token for subsequent API requests

Example:

"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

user

object

required

User account information

Show child attributes

expires_at

string<date-time>

required

Token expiration timestamp

Example:

"2025-01-01T12:00:00Z"

Send a transactional notification

⌘I

Authentication

Transactional

Contacts

Lists

Custom Events

Broadcasts

Templates

Webhooks

Root user programmatic signin

Body

Response