Runbits supports multiple authentication methods. All tokens are JWT (HMAC-SHA256). Include the access token in the Authorization: Bearer <token> header.
Classic credential-based login via POST /api/auth/login.
Pass a Google id_token to POST /api/auth/google.
Pass an Apple id_token to POST /api/auth/apple/callback.
Redirect-based flow via GET /api/auth/facebook/callback.
Passwordless email link via POST /api/auth/magic-link/request.
One-time code via POST /api/auth/otp/request + otp/verify.