Authentication

Lumio supports multiple authentication methods.

Auth Types

JWT (JSON Web Tokens)

Used by the web frontend. Tokens are issued by the ID app (NextAuth) and validated by the API.

Authorization: Bearer <jwt-token>

API Keys

Long-lived keys for programmatic access. Create them via the dashboard or the API.

Authorization: Bearer <api-key>

Overlay Tokens

Scoped tokens for overlay browser sources. No user authentication required — the token grants read-only access to a specific overlay.

?token=<overlay-token>
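
A server-side sketch of how the three credential types above can be told apart, and how an overlay token can be held to read-only access on one overlay. This is an added example, not Lumio's own code: the token store, the token and overlay values, the `/overlays/<id>` path and the assumption that API keys never have the three-segment JWT shape are all hypothetical.

```javascript
// Added example, not Lumio code. All token values, ids and paths are constructed.
const OVERLAY_TOKENS = new Map([["ovl_demo_token", "overlay-42"]]); // token -> overlay id (hypothetical store)
const READ_ONLY_METHODS = new Set(["GET", "HEAD"]);

// Compact JWT serialization: three dot-separated base64url segments.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// req = { method, url, headers } with lower-cased header names, as Node's http module provides.
function classifyCredential(req) {
  const bearer = /^Bearer\s+(\S+)$/i.exec(req.headers["authorization"] || "");
  if (bearer) {
    // Shape check only: JWT signature/expiry validation or API key lookup must still follow.
    return { type: JWT_SHAPE.test(bearer[1]) ? "jwt" : "api-key", value: bearer[1] };
  }
  // The base URL is only needed so that a relative request URL can be parsed.
  const token = new URL(req.url, "http://localhost").searchParams.get("token");
  return token ? { type: "overlay", value: token } : { type: "none" };
}

// Enforce the two properties the docs give overlay tokens: read-only, one specific overlay.
function authorizeOverlayRequest(req) {
  const cred = classifyCredential(req);
  if (cred.type !== "overlay") return { allowed: false, reason: "not an overlay token" };
  const overlayId = OVERLAY_TOKENS.get(cred.value);
  if (!overlayId) return { allowed: false, reason: "unknown token" };
  if (!READ_ONLY_METHODS.has(req.method)) return { allowed: false, reason: "read-only token" };
  const path = new URL(req.url, "http://localhost").pathname;
  if (path !== `/overlays/${overlayId}`) {
    return { allowed: false, reason: "token not scoped to this overlay" };
  }
  return { allowed: true, overlayId };
}
```

Because a Bearer header is checked first, a request that carries both a header and `?token=` is never treated as an overlay request in this sketch.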

RBAC

All authenticated requests are subject to role-based access control. Permissions are checked against the user's assigned role. See Feature Flags for feature-level access control.