# Authentication

> One bearer token, every request.

Authenticated endpoints use a Sanctum personal access token. Send it as a bearer token in the Authorization header. Tokens must carry the `api_requests` ability.

    Authorization: Bearer <your-token>
    Accept: application/json

## Verify the current token

```http
GET /v1/auth
```

Returns the account the token belongs to. Use it to confirm a token is valid and to read the signed-in identity.

- **Auth:** Bearer token
- **Token abilities:** `api_requests`
- **Gates:** logApiRequest
- **Credits:** Free — no credits consumed.

### Responses

**200** — Token is valid.

```json
{
    "data": {
        "email": "dev@example.com",
        "name": "Ada Lovelace"
    }
}
```

**401** — Missing or invalid token.

```json
{
    "message": "Unauthenticated."
}
```

**403** — Token lacks the api_requests ability.

```json
{
    "message": "Invalid ability provided."
}
```

### Examples

*Curl*

```bash
curl https://snapsbrew.com/api/v1/auth \
  -H 'Authorization: Bearer <your-token>' \
  -H 'Accept: application/json'
```