Skip to content

Overview

HTTP API for the Henceforth platform: metadata, data, auth, IAM, and HFX runtime endpoints.

Information

  • OpenAPI version: 3.1.0

ES256-signed JWT issued by POST /auth/login, POST /auth/verify, or the session-exchange flow. Sent as Authorization: Bearer <token>.

Security scheme type: http

Bearer format: JWT

Session JWT carried in the hf_runtime cookie (see crate::auth::cookie::RUNTIME_COOKIE_NAME), auto-attached by the browser to same-origin requests under Path=/hfx/modules. Used instead of bearerAuth where native import() cannot set an Authorization header.

Security scheme type: apiKey

Cookie parameter name: hf_runtime