API Key Authentication
API keys are the recommended method for server-to-server integrations, CI/CD pipelines, and SDK usage. Pass the key in theAuthorization header:
Session Authentication
Session-based auth is used by the Studio and browser clients. It requires a CSRF token for all mutation requests.Login
/api/v1/auth/login
Authenticate with email and password. Returns a session and sets an HTTP-only
session cookie.
User’s email address.
User’s password.
mdcms_session HTTP-only cookie and a mdcms_csrf cookie containing the CSRF token. Include the CSRF token in the X-MDCMS-CSRF-Token header for all subsequent mutation requests.
Logout
/api/v1/auth/logout
End the current session. Requires session cookie and CSRF token.
SSO Authentication
Initiate OIDC
/api/v1/auth/sso/{provider}
Initiate an OpenID Connect authentication flow with an external identity
provider.
The identity provider slug (e.g.,
google, github, okta).redirectUrl. After successful authentication, the provider redirects back to the MDCMS callback URL, which establishes a session.
SAML Assertion Consumer
/api/v1/auth/saml/acs
SAML assertion consumer service endpoint. Receives and processes SAML
assertions from the identity provider after authentication.
SAML Metadata
/api/v1/auth/saml/metadata
Returns the SAML service provider metadata XML document. Use this URL when
configuring MDCMS as a service provider in your identity provider’s admin
console.
Content-Type: application/xml.
CLI Device Flow
The CLI uses a device authorization flow to authenticate without exposing credentials on the command line. This flow is initiated bymdcms login.
Start Challenge
/api/v1/auth/cli/start
Begin a CLI device authorization flow. Returns a challenge ID and a URL for
the user to authorize in their browser.
Project slug to authorize against.
Environment to authorize against.
Authorize Challenge
/api/v1/auth/cli/authorize
Authorize a pending CLI device challenge. Called from the browser after the
user logs in and approves the CLI session.
Exchange Code
/api/v1/auth/cli/exchange
Exchange the authorization code for an API key. Called by the CLI after the
user authorizes the challenge.
Current Principal
Get Current User
/api/v1/me
Returns the current authenticated principal’s identity and capabilities within
the active project and environment.
Environments
List Environments
/api/v1/environments
Returns all environments configured for the current project.
The
X-MDCMS-Environment header is still required for this endpoint, even
though it returns all environments. The header is used for authentication
context.