Delivery Management API
Manage your Own Auth Delivery apps, settings, keys, and usage programmatically. Everything available in the dashboard is also available through this API.
Base URL
https://api.own-auth.com/v1Authentication
All requests require an account API key in the Authorization header:
Authorization: Bearer oa_your_api_keyCreate an account API key from the dashboard under Account → API Keys. Account API keys have full access to all apps, settings, and keys in your account.
Apps
List apps
GET /apps{
"apps": [
{
"id": "app_x1y2z3",
"name": "My Production App",
"slug": "my-production-app",
"createdAt": "2026-07-10T14:23:01Z"
}
]
}Create an app
POST /apps{
"name": "My Production App"
}Response:
{
"app": {
"id": "app_x1y2z3",
"name": "My Production App",
"slug": "my-production-app",
"createdAt": "2026-07-10T14:23:01Z"
}
}The slug is generated from the name. It is lowercase, hyphenated, and unique.
Get an app
GET /apps/:appIdUpdate an app
PATCH /apps/:appId{
"name": "New App Name"
}Delete an app
DELETE /apps/:appIdDeletes the app, revokes all its keys, and removes access to its settings. Delivery logs are retained for 30 days after deletion. This action is permanent.
Settings
Get app settings
GET /apps/:appId/settings{
"settings": {
"linkMode": "hosted",
"dailySendLimit": 1000,
"allowedUrls": [],
"deepLinkScheme": "coparent://app/auth",
"fallbackUrl": "https://apps.apple.com/app/coparent/id123456789"
}
}| Field | Type | Description |
|---|---|---|
| linkMode | web or hosted | Use web for links to your domain. Use hosted for go.own-auth.com links that continue through a deep link. |
| dailySendLimit | number | Maximum emails sent per day for this app. |
| allowedUrls | string[] | Web mode only. Auth links in emails can point to these web URLs or app schemes. |
| deepLinkScheme | string or null | Hosted mode only. The hosted page redirects to this URI with the one-time auth token attached. Custom app schemes require an installed standalone app registered for the scheme. |
| fallbackUrl | string or null | Hosted mode only. Optional App Store, Play Store, or download URL shown on mobile when the app is not installed. |
Your app sends the one-time token from the deep link to its backend. The own-auth package verifies it and creates the session.
Test custom app schemes on a phone or desktop device with the standalone app installed. A mobile app scheme does not open the mobile app from a desktop browser, and Expo Go may not register the scheme. Configure fallbackUrl for mobile users who do not have the app installed.
Update app settings
PATCH /apps/:appId/settingsSend only the fields you want to change.
Switch to hosted mode with a deep link:
{
"linkMode": "hosted",
"deepLinkScheme": "coparent://app/auth",
"fallbackUrl": "https://apps.apple.com/app/coparent/id123456789"
}Switch to web mode with allowed URLs:
{
"linkMode": "web",
"allowedUrls": [
"https://myapp.com",
"https://staging.myapp.com"
]
}Update the daily send limit:
{
"dailySendLimit": 5000
}Validation
| Field | Rule | Error |
|---|---|---|
| linkMode | Must be web or hosted. | INVALID_LINK_MODE |
| deepLinkScheme | Required when linkMode is hosted. | DEEP_LINK_REQUIRED |
| deepLinkScheme | Must be a valid URI. | INVALID_DEEP_LINK |
| allowedUrls | At least one is required when linkMode is web. | ALLOWED_URL_REQUIRED |
| allowedUrls | Each value must be a valid URI. | INVALID_URL |
| allowedUrls | Maximum 10. | TOO_MANY_URLS |
| fallbackUrl | Must use HTTPS when provided. | INVALID_FALLBACK_URL |
| dailySendLimit | Integer from 1 to 100,000. | INVALID_SEND_LIMIT |
Keys
List keys
GET /apps/:appId/keys{
"keys": [
{
"id": "key_a1b2c3",
"name": "Production",
"prefix": "oad_...a3f8",
"createdAt": "2026-07-10T14:23:01Z"
}
]
}Raw key values are never returned after creation.
Create a key
POST /apps/:appId/keys{
"name": "Production"
}Response:
{
"key": {
"id": "key_a1b2c3",
"name": "Production",
"prefix": "oad_...a3f8",
"createdAt": "2026-07-10T14:23:01Z"
},
"rawKey": "oad_a8f2c1d9e3b7f4a6..."
}rawKey is returned once in this response. Store it securely because it cannot be retrieved again.
Revoke a key
DELETE /apps/:appId/keys/:keyIdThe key stops working immediately.
Rotate a key
POST /apps/:appId/keys/:keyId/rotateCreates a new key and revokes the old one in a single operation.
{
"key": {
"id": "key_d4e5f6",
"name": "Production",
"prefix": "oad_...b7c2",
"createdAt": "2026-07-11T09:15:00Z"
},
"rawKey": "oad_f7e6d5c4b3a2...",
"revokedKeyId": "key_a1b2c3"
}Usage
Get current usage
GET /usageReturns usage for the current billing cycle across all apps.
{
"usage": {
"plan": "pro",
"quota": 50000,
"used": 12482,
"remaining": 37518,
"cycleStart": "2026-07-01T00:00:00Z",
"cycleEnd": "2026-07-31T23:59:59Z",
"overagesEnabled": false,
"overageEmails": 0,
"overageCost": 0,
"apps": [
{ "appId": "app_x1y2z3", "name": "Production", "used": 10200 },
{ "appId": "app_a4b5c6", "name": "Staging", "used": 2282 }
]
}
}Get daily usage
GET /usage/todayThis endpoint is only relevant to Free plans with the 100 email daily limit.
{
"today": {
"used": 42,
"limit": 100,
"remaining": 58,
"resetsAt": "2026-07-12T00:00:00Z"
}
}Errors
All errors use the same response shape:
{
"error": {
"code": "INVALID_DEEP_LINK",
"message": "deepLinkScheme must be a valid URI"
}
}HTTP status codes
| Status | When |
|---|---|
| 200 | Success |
| 201 | Resource created |
| 400 | Validation error |
| 401 | Missing or invalid account API key |
| 403 | Account API key does not have permission |
| 404 | Resource not found |
| 429 | Rate limited |
Rate limits
| Endpoint | Limit |
|---|---|
| All endpoints | 60 requests per minute per account |
Rate-limit headers are included in every response:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 58
X-RateLimit-Reset: 1720693200Full Setup Through the API
Configure a mobile app from scratch with curl:
# Create an app
curl -X POST https://api.own-auth.com/v1/apps \
-H "Authorization: Bearer oa_your_api_key" \
-H "Content-Type: application/json" \
-d '{"name": "CoParent"}'
# Configure hosted mode with a deep link
curl -X PATCH https://api.own-auth.com/v1/apps/app_x1y2z3/settings \
-H "Authorization: Bearer oa_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"linkMode": "hosted",
"deepLinkScheme": "coparent://app/auth",
"fallbackUrl": "https://apps.apple.com/app/coparent/id123456789",
"dailySendLimit": 1000
}'
# Create a delivery key
curl -X POST https://api.own-auth.com/v1/apps/app_x1y2z3/keys \
-H "Authorization: Bearer oa_your_api_key" \
-H "Content-Type: application/json" \
-d '{"name": "Production"}'
# Check usage
curl https://api.own-auth.com/v1/usage \
-H "Authorization: Bearer oa_your_api_key"SDKs
Use fetch, curl, or any HTTP client.