Skip to main content

Documentation Index

Fetch the complete documentation index at: https://orchestrator-docs.hexoforge.dev/llms.txt

Use this file to discover all available pages before exploring further.

The IAM APIs let your application authenticate and manage tenant users. Gate endpoints handle registration, login, and password flows at the edge. Public endpoints handle tokens, profile, TOTP, and JWKS without Cloudflare Worker invocation.

Authentication

All Gate and Public endpoints require an API key with auth permission. Send it in the X-API-Key header: 
X-API-Key: your_project_api_key_here
Public endpoints that act on a specific user also need a Bearer JWT access token: 
Authorization: Bearer eyJhbGciOiJSUzI1NiIs...

Base URLs

Replace {project_id} with your project’s UUID.
SurfaceBase URLProtection
Gate APIhttps://org-api.hexoforge.dev/api/v1/gate/{project_id}/authCloudflare Worker (DDoS, firewall, IP rules, rate limits)
Public APIhttps://org-api.hexoforge.dev/api/v1/pub/{project_id}/authBackend-only (IP rules, firewall, rate limits)
JWKShttps://org-api.hexoforge.dev/api/v1/pub/{project_id}/.well-known/jwks.jsonNo API key or Bearer

Rate limiting

Every endpoint is rate-limited. Default limits are configurable per project:
CategoryDefault limitApplied to
login10 requests per minute per IP/login, /login/totp
register5 requests per minute per IP/register
password_reset5 requests per minute per IP/forgot-password, /reset-password
general30 requests per second per IPAll other endpoints
When rate-limited, you receive 429 Too Many Requests with IETF-compliant headers: 
HTTP/1.1 429 Too Many Requests
RateLimit-Policy: 10;w=60
RateLimit: limit=10, remaining=0, reset=45
Gate endpoints also have a hard cap of 60 requests per minute per IP at the Cloudflare edge (not configurable).