Developers
Scalar and OpenAPI
Scalar is the human API reference. OpenAPI 3.1 is the machine-readable contract for tooling, tests, and generated clients.
Start from the reference, then wire authentication
Treat Scalar as the main place to inspect and try the API. Treat OpenAPI as the source contract for automated consumers and integration tooling.
Reference workflow
The docs are split by how developers consume them.
For humans
Use Scalar to browse endpoints and response examples.
For tooling
Use OpenAPI 3.1 JSON for generated clients and contract checks.
For scripts
Create an API key, then send it as a Bearer token.
Authentication
Send API keys as Bearer tokens
Create API keys from Profile. The full key is shown once. Store it like a password and rotate it when access should change.
New keys use ajg_key_. Legacy ajg_diag_ keys remain valid for compatibility.
Current API
Documented account access
| API key verification | Available | Use Bearer API keys to verify ownership. |
| Key metadata | Available | List non-secret key metadata for the authenticated owner. |
| Profile, documents, jobs, and analysis | Planned | These routes still require a Cognito browser session. |
| Scoped writes | Planned | Write access needs scopes, audit logs, and rate limits before release. |
Endpoints
Routes in the current OpenAPI contract
These routes are documented in Scalar and exported through the OpenAPI 3.1 JSON contract.
| Method | Path | Auth | Status | Use |
|---|---|---|---|---|
| GET | /api/api-keys/whoami | API key | Active | Confirm a key is active and identify the owner. |
| GET | /api/user-api-keys | API key or session | Active | Return non-secret metadata for the owner's keys. |
| POST | /api/user-api-keys | Browser session | Active | Create a key from Profile. The plaintext value is shown once. |
| DELETE | /api/user-api-keys | Browser session | Active | Revoke a key immediately. |
| GET | /api/diagnostics/whoami | API key | Compatibility | Deprecated alias for /api/api-keys/whoami. |
Verify the current key
curl https://applyjobgpt.com/api/api-keys/whoami \
-H "Authorization: Bearer ajg_key_..."List key metadata
curl https://applyjobgpt.com/api/user-api-keys \
-H "Authorization: Bearer ajg_key_..."