# IAM

## Docs

- [Best practices](https://orchestrator-docs.hexoforge.dev/api-reference/best-practices.md): Token handling, security, performance, and common integration flows for the IAM APIs.
- [Error format](https://orchestrator-docs.hexoforge.dev/api-reference/errors.md): How the IAM APIs return errors and validation failures.
- [Forgot password](https://orchestrator-docs.hexoforge.dev/api-reference/gate/forgot-password.md): Request a password reset OTP.
- [Login](https://orchestrator-docs.hexoforge.dev/api-reference/gate/login.md): Authenticate with email and password.
- [Complete login with TOTP](https://orchestrator-docs.hexoforge.dev/api-reference/gate/login-totp.md): Finish authentication after Login returns requires_totp.
- [Register user](https://orchestrator-docs.hexoforge.dev/api-reference/gate/register.md): Create a new tenant user account.
- [Reset password](https://orchestrator-docs.hexoforge.dev/api-reference/gate/reset-password.md): Set a new password using the email OTP.
- [Verify email](https://orchestrator-docs.hexoforge.dev/api-reference/gate/verify-email.md): Confirm email with OTP after registration.
- [IAM API overview](https://orchestrator-docs.hexoforge.dev/api-reference/introduction.md): Authentication, base URLs, and rate limits for the Gate and Public APIs.
- [JWKS](https://orchestrator-docs.hexoforge.dev/api-reference/public/jwks.md): Public keys for verifying JWT access tokens (RS256).
- [Logout](https://orchestrator-docs.hexoforge.dev/api-reference/public/logout.md): Revoke a refresh token.
- [Current user profile](https://orchestrator-docs.hexoforge.dev/api-reference/public/me.md): Fetch the authenticated user's profile from the database.
- [Refresh tokens](https://orchestrator-docs.hexoforge.dev/api-reference/public/refresh.md): Rotate refresh token and obtain a new access token.
- [Disable TOTP](https://orchestrator-docs.hexoforge.dev/api-reference/public/totp-disable.md): Turn off TOTP for the authenticated user.
- [Start TOTP setup](https://orchestrator-docs.hexoforge.dev/api-reference/public/totp-setup.md): Generate a pending TOTP secret for the authenticated user.
- [Verify TOTP setup](https://orchestrator-docs.hexoforge.dev/api-reference/public/totp-verify-setup.md): Confirm TOTP after setup.
- [Verify access token](https://orchestrator-docs.hexoforge.dev/api-reference/public/verify.md): Introspect a JWT access token and return claims.

## OpenAPI Specs

- [openapi](https://orchestrator-docs.hexoforge.dev/api-reference/openapi.json)