RidgeCRM Developer Docs

API Reference

Auth API

Authenticate integrations, inspect the current user, and revoke API sessions.

API auth flow

RidgeCRM API clients authenticate with a Bearer JWT. In the current codebase, the programmatic login path exchanges a Google identity token for a RidgeCRM token, then subsequent calls include that token and an organization header.

1. Exchange: Post a Google `idToken` to `/api/v1/auth/google`.
2. Store token: Keep the returned JWT in your integration secret store.
3. Pick org: Include `X-Organization-ID` for org-scoped data calls.
4. Revoke: Use logout or revoke-all when rotating access.

Endpoints

POST /api/v1/auth/google (Public)

Exchange a Google identity token for RidgeCRM API credentials.

Request

POST /api/v1/auth/google
Content-Type: application/json

{
  "idToken": "google-id-token-from-client"
}

Response

{
  "token": "eyJhbGciOiJIUzI1NiIs...",
  "user": {
    "id": "user_123",
    "email": "rep@example.com",
    "firstName": "Avery",
    "lastName": "Stone"
  }
}

GET /api/v1/auth/me (Bearer JWT)

Return the authenticated user and token-backed session context.

Request

GET /api/v1/auth/me
Authorization: Bearer <jwt>

Response

{
  "user": {
    "id": "user_123",
    "email": "rep@example.com"
  }
}

POST /api/v1/auth/revoke-all (Bearer JWT)

Revoke active JWT sessions for the authenticated user when rotating credentials.

Request

POST /api/v1/auth/revoke-all
Authorization: Bearer <jwt>

Response

{
  "success": true
}
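
The four-step flow above as a small Python client. This is an added example, not RidgeCRM's own code: the `ridgecrm.example` host, the `RidgeAuthClient` class and its method names are assumptions, and the transport is injectable so the client can be exercised without network access. Persisting the JWT to your secret store is left to the caller.

```python
import json
import urllib.request

BASE_URL = "https://ridgecrm.example"  # placeholder host (assumption, not from the docs)

def http_transport(method, url, headers, body):
    """Default transport: one HTTPS request, JSON in and out."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())

class RidgeAuthClient:
    """Hypothetical helper: holds the JWT in memory and never prints it."""

    def __init__(self, transport=http_transport, base_url=BASE_URL):
        self._send, self._base, self._token = transport, base_url, None

    def __repr__(self):  # keep the token out of logs and tracebacks
        return f"<RidgeAuthClient authenticated={self._token is not None}>"

    def exchange(self, id_token):
        """Step 1: trade a Google idToken for a RidgeCRM JWT."""
        resp = self._send("POST", self._base + "/api/v1/auth/google",
                          {"Content-Type": "application/json"}, {"idToken": id_token})
        self._token = resp["token"]
        return resp["user"]

    def headers(self, org_id=None):
        """Steps 2-3: Bearer header, plus X-Organization-ID for org-scoped calls."""
        if self._token is None:
            raise RuntimeError("no token: call exchange() first")
        h = {"Authorization": f"Bearer {self._token}"}
        if org_id is not None:
            h["X-Organization-ID"] = org_id
        return h

    def me(self):
        return self._send("GET", self._base + "/api/v1/auth/me", self.headers(), None)["user"]

    def rotate(self, new_id_token):
        """Step 4: revoke active sessions, drop the old JWT, then exchange again."""
        resp = self._send("POST", self._base + "/api/v1/auth/revoke-all", self.headers(), None)
        self._token = None  # forget the old token even if the next call fails
        if not resp.get("success"):
            raise RuntimeError("revoke-all did not report success")
        return self.exchange(new_id_token)
```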