API authentication
Authenticate protected Plandalf API requests, confirm the active user, and understand which organization the API will use.
API authentication /api/users/me Authentication has one job: prove who is making the request before you read or change commerce data. Start by checking identity, then make the smallest real API call from your server.
Do this before any catalog, checkout, or automation call
Make GET /api/users/me work first. It tells you whether the token is valid and which organization Plandalf will use for organization-scoped records.
The path
-
Keep API credentials in environment variables, server secrets, or your platform’s secret manager. Do not put them in JavaScript that ships to the browser.
-
Every protected API request should include
Authorization: Bearer <token>andAccept: application/json. -
Call
GET /api/users/mebefore moving on. If this fails, the next API page will fail too. -
The response includes
current_organization. Catalog, checkout, and automation routes use that context for organization-owned data.
Identity endpoint
Use this as the first server-side smoke test. It proves the bearer token works and shows the organization context later API calls will inherit.
Endpoint
Get current user
Returns the authenticated user and current organization context for protected API calls.
/api/users/me Headers
Acceptstringdefault: application/jsonAsk API routes to return JSON.
Content-Typestringdefault: application/jsonInclude this when the request sends a JSON body.
Identity request
curl "https://api.plandalf.com/api/users/me" \
-H "Authorization: Bearer $PLANDALF_API_KEY" \
-H "Accept: application/json"const response = await fetch("https://api.plandalf.com/api/users/me", {
headers: {
Authorization: `Bearer ${process.env.PLANDALF_API_KEY}`,
Accept: "application/json",
},
});
if (!response.ok) {
throw new Error(`Plandalf authentication failed: ${response.status}`);
}
const identity = await response.json(); Identity response
The identity check is not just a ping. It shows the user and organization context that later API calls will inherit. Keep the first read small: confirm the user, confirm current_organization, then move on.
Identity response
{
"id": "usr_123",
"email": "founder@example.com",
"current_organization": {
"id": "org_123",
"name": "Example Studio",
"timezone": "Australia/Sydney"
}
} Invalid token
{
"message": "Unauthenticated."
} Response fields
idstringThe authenticated user’s route key.
emailstringThe email address for the authenticated Plandalf user.
plandalf_jwtstringA signed Plandalf JWT for browser or embedded surfaces that need to identify the current user. Treat it as sensitive.
›current_organizationobjectrequired
The organization currently selected for the authenticated user. Organization-scoped API routes use this context.
current_organization.idstringThe organization route key.
current_organization.namestringThe name shown inside Plandalf.
current_organization.timezonestringThe timezone used for organization display and date handling.
organizationsarrayOther organizations available to the authenticated user.
Error fields
messagestringAuthentication failure message returned when the bearer token is missing, expired, or invalid.
Where credentials belong
Credential placement
Server routesprivateBest for catalog reads, checkout session creation, automation setup, and anything that touches private records.
Browser checkoutpublicUse the checkout SDK for browser behavior. Do not expose API bearer credentials in front-end code.
Do not rely on URL tokens
If an older integration depends on URL-based authentication, treat it as compatibility behavior and move it behind the Authorization header before going live.
Next calls
- Catalog API: read products and plans after the token resolves the right organization.
- Checkout SDK: pair server-side API calls with client-side checkout behavior.
- Webhooks: fan external events into Plandalf workflows.