Skip to main content

Authentication

Team6 API uses JWT (JSON Web Token) authentication. All API requests must include a valid JWT token.

Getting a Token

GitHub OAuth Login

The primary authentication method is GitHub OAuth:

  1. Navigate to https://app.team6.ai/login
  2. Click "Sign in with GitHub"
  3. Authorize the Team6 application
  4. You'll receive a JWT token

API Token

For programmatic access, retrieve your API token from the dashboard:

  1. Log in to Team6
  2. Go to SettingsAPI Tokens
  3. Generate a new token

Using Your Token

Include the JWT token in the Authorization header:

curl https://api.team6.ai/projects \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Environment Variable

Store your token securely:

export TEAM6_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

# Then use it in requests
curl https://api.team6.ai/projects \
  -H "Authorization: Bearer $TEAM6_TOKEN"

Project Membership

Most endpoints require project membership. Access is determined by:

  1. Owner - Full access, can delete project
  2. Admin - Can manage members and settings
  3. Member - Can create and manage tasks

Checking Membership

The API automatically checks your membership when you access project resources:

# This will fail if you're not a member of proj_xxx
curl https://api.team6.ai/projects/proj_xxx/tasks \
  -H "Authorization: Bearer $TEAM6_TOKEN"

Error Responses

401 Unauthorized

Token is missing or invalid:

{
  "statusCode": 401,
  "message": "Unauthorized"
}

403 Forbidden

You don't have access to this resource:

{
  "statusCode": 403,
  "message": "Not a member of this project"
}

404 Not Found

Resource doesn't exist or you can't access it:

{
  "statusCode": 404,
  "message": "Project proj_xxx not found"
}

Token Security

Best Practices
  • Never commit tokens to version control
  • Use environment variables for storage
  • Rotate tokens periodically
  • Use the minimum required permissions

Project Tokens

Projects can also have their own tokens for integrations:

GitHub Token

For git operations (clone, push, PR creation):

curl -X POST https://api.team6.ai/projects/proj_xxx/github-token \
  -H "Authorization: Bearer $TEAM6_TOKEN" \
  -d '{"token": "ghp_xxxxxxxxxxxx"}'

Claude Token

For AI agent operations (optional, falls back to global):

curl -X POST https://api.team6.ai/projects/proj_xxx/claude-token \
  -H "Authorization: Bearer $TEAM6_TOKEN" \
  -d '{"token": "sk-ant-xxxxxxxxxxxx"}'