From 6cc895c3952df1291d1ba2371b6222fb17f12ce2 Mon Sep 17 00:00:00 2001
From: dumbmoron <log@riseup.net>
Date: Sat, 12 Oct 2024 12:20:15 +0000
Subject: [PATCH] docs/api: document `/session` endpoint

---
 docs/api.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/api.md b/docs/api.md
index e3f3bf99..39b17209 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -143,3 +143,18 @@ response body type: `application/json`
 | `commit`    | `string` | commit hash       |
 | `branch`    | `string` | git branch        |
 | `remote`    | `string` | git remote        |
+
+## POST: `/session`
+
+used for generating JWT tokens, if enabled. currently, cobalt only supports
+generating tokens when a [turnstile](run-an-instance.md#list-of-all-environment-variables) challenge solution
+is submitted by the client.
+
+the turnstile challenge response is submitted via the `cf-turnstile-response` header.
+### response body
+| key             | type       | description                                            |
+|:----------------|:-----------|:-------------------------------------------------------|
+| `token`         | `string`   | a `Bearer` token used for later request authentication |
+| `exp`           | `number`   | number in seconds indicating the token lifetime        |
+
+on failure, an [error response](#error-response) is returned.