Documentation Index
Fetch the complete documentation index at: https://docs.discovr.media/llms.txt
Use this file to discover all available pages before exploring further.
DeviceCodePayload
Request body for starting the device code flow.
| Property | Type | Required | Description |
|---|
| clientID | string | Yes | Your registered app ID. |
DeviceCodeResponse
Contains the codes needed for device authentication. Display userCode on screen and use authQRCode as an image source.
Returned when format=json (the default). With format=image, the response is a binary PNG instead.
| Property | Type | Required | Description |
|---|
| deviceCode | string | Yes | The code that identifies this authorization request. Pass it to the poll endpoint. |
| userCode | string | Yes | A short numeric code for the user to type if they can’t scan the QR code. |
| authQRCode | string | Yes | A ready-to-display QR code image as a base64 data URL. Set it as the src of an <img> tag — no extra processing needed. |
| expiresIn | integer | Yes | How long the device code is valid, in milliseconds. |
DeviceCodeTokenResponse
Returned when the user has confirmed the device code. Store the refreshToken securely — it’s your long-lived credential.
Call POST /auth/session-token with a profileId to get a session token and start browsing.
| Property | Type | Required | Description |
|---|
| refreshToken | string | Yes | Your long-lived credential (valid for 90 days). Use it as the bearer for identity-tier endpoints and to mint session tokens. Keep it secure — treat it like a password and never put it in URLs. |
| publicId | string | Yes | An identifier for this sign-in session. You can use it to revoke access later via DELETE /auth/sessions/{publicId}. |
| expiresAt | integer | Yes | When the refresh token expires, as a Unix timestamp (seconds). |
MintSessionTokenPayload
The profile to scope the session to.
| Property | Type | Required | Description |
|---|
| profileId | string | Yes | The ID of the profile to activate. Must belong to the signed-in user. |
SessionTokenResponse
The session token scoped to the selected profile. Valid for 30 minutes.
| Property | Type | Required | Description |
|---|
| sessionToken | string | Yes | Your session credential, valid for 30 minutes. Send it as the bearer in the Authorization header for all session-tier endpoints (/pages/*, /profile/*). |
| sessionId | string | Yes | A unique identifier for this browsing session. Each new session token carries a fresh session ID. |
| expiresAt | integer | Yes | When the session token expires, as a Unix timestamp (seconds). |
