Authentication

Rendobar uses Better Auth for authentication. There are two authentication methods depending on your use case.

Session-based auth (Dashboard)

When you sign in through the dashboard at app.rendobar.com, a session cookie (rb_session) is set automatically. The dashboard uses this cookie for all API requests. Sessions last 30 days by default.

No additional setup is needed for dashboard users.

API key auth (Programmatic)

For programmatic access, create an API key in the dashboard under Settings > API Keys. API keys start with the rb_ prefix.

Include the key in the Authorization header:

curl https://api.rendobar.com/jobs \
  -H "Authorization: Bearer rb_live_YOUR_API_KEY"

API key properties

• Keys are scoped to an organization, not a user
• Each key has a name for identification
• Keys can be revoked at any time from the dashboard
• Revoked keys return 401 Unauthorized immediately
• There is no limit on the number of keys per organization

Creating a key

curl -X POST https://api.rendobar.com/api-keys \
  -H "Authorization: Bearer rb_live_EXISTING_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "name": "CI Pipeline" }'

Revoking a key

curl -X DELETE https://api.rendobar.com/api-keys/KEY_ID \
  -H "Authorization: Bearer rb_live_YOUR_KEY"

Auth context

Every authenticated request resolves to a context containing:

• userId — the authenticated user
• orgId — the active organization
• plan — the organization’s current plan (determines rate limits, allowed job types, and credit balance)

This context is used for rate limiting, plan enforcement, and credit checks on every request.

MCP agent auth

AI agents can authenticate with Rendobar via the Model Context Protocol (MCP). The Better Auth MCP plugin handles OAuth so agents can authenticate once and maintain self-serve access. MCP tools map 1:1 with the REST API.

Error responses

Authentication failures return:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired authentication"
  }
}

HTTP status: 401

Next steps

• Quickstart to make your first API call
• Credits for billing and usage
• Job Types for all available operations