Skip to main content
The Sunbird AI API uses Bearer Token authentication. You must include a valid access token in the Authorization header of your HTTP requests.

Overview

  1. Register an account.
  2. Login to obtain an access token.
  3. Include the token in your requests.
  4. Refresh the token when it expires (every 7 days).

Registration

To start using the API, you need to create an account. You can do this via the /auth/register endpoint.
You will need a valid email address.
curl -X POST "https://api.sunbird.ai/auth/register" \
     -H "Content-Type: application/json" \
     -d '{
           "email": "[email protected]",
           "password": "securePassword123",
           "username": "user123"
         }'

Getting an Access Token

After registering, exchange your credentials for an access token using the /auth/token endpoint. 
curl -X POST "https://api.sunbird.ai/auth/token" \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "[email protected]&password=securePassword123"
The response will include your token: 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer"
}

Using the Token

Include the token in the Authorization header of your requests: 
Authorization: Bearer <your_access_token>

Example Request

import requests

headers = {
    "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
response = requests.get("https://api.sunbird.ai/auth/me", headers=headers)

Token Lifetime & Refreshing

Access tokens do not expire. When your token expires, the API will return a 401 Unauthorized error. To “refresh” your token, simply call the /auth/token endpoint again with your credentials to get a new token.

Security Best Practices

Never commit your API tokens or passwords to version control (like GitHub).
  • Environment Variables: Store your tokens in environment variables (e.g., SUNBIRD_API_TOKEN).
  • Backend Proxy: If you are building a frontend application, route requests through your own backend to keep your credentials hidden. Do not expose your token in client-side code.

OAuth Integration

We support Google OAuth for easier login. This is primarily handled via our web interface, but the underlying flow uses standard OAuth 2.0 protocols.

Common Errors

Status CodeErrorDescription
401UnauthorizedThe token is missing, invalid, or expired.
403ForbiddenYou do not have permission to access this resource.