← Back to docs

API Reference

The management API powers the website dashboard. Management routes require Firebase ID-token auth unless an endpoint explicitly says otherwise. 

Authorization: Bearer <your-firebase-id-token>
GET /api/users/me

Returns the authenticated user's account record.

Auth: Bearer <Firebase ID token>
Response 
{
  "id": "2e9f7f7a-5f1b-4e1d-9df4-55a7dc6f8d32",
  "email": "dev@example.com",
  "name": "Dev User"
}
PATCH /api/users/me

Updates the authenticated user's display name.

Auth: Bearer <Firebase ID token>
Request body 
{
  "name": "Dev User"
}
Response 
{
  "id": "2e9f7f7a-5f1b-4e1d-9df4-55a7dc6f8d32",
  "email": "dev@example.com",
  "name": "Dev User"
}
DELETE /api/users/me

Deletes the Firebase user first. If Firebase deletion fails, Sleev returns 502 and preserves local data so the request can be retried. After Firebase deletion succeeds, Sleev hard-cascades local user-owned data.

Auth: Bearer <Firebase ID token>
Response 
204 No Content
GET /api/tokens

Lists sleeve token metadata for the authenticated user. Plaintext tokens are never returned from this endpoint.

Auth: Bearer <Firebase ID token>
Response 
[
  {
    "id": "80f9f01a-2fa8-4f2d-a7b5-f32a49c6b9af",
    "masked_token": "slv_live_abcd...wxyz",
    "label": "Claude Code laptop",
    "is_active": true,
    "expires_at": null,
    "created_at": "2026-05-11T12:00:00Z"
  }
]
POST /api/tokens

Creates a sleeve token with optional label and expiration. The plaintext token is returned exactly once. Sleev persists only a hash and masked display form.

Auth: Bearer <Firebase ID token>
Request body 
{
  "label": "Claude Code laptop",
  "expires_at": "2026-12-31T23:59:59Z"
}
Response 
{
  "id": "80f9f01a-2fa8-4f2d-a7b5-f32a49c6b9af",
  "masked_token": "slv_live_abcd...wxyz",
  "label": "Claude Code laptop",
  "is_active": true,
  "expires_at": "2026-12-31T23:59:59Z",
  "created_at": "2026-05-11T12:00:00Z",
  "token": "slv_live_full_plaintext_value"
}
PATCH /api/tokens/{token_id}

Updates a token label and/or active state. Token mutations are scoped to the authenticated owner.

Auth: Bearer <Firebase ID token>
Request body 
{
  "label": "Workstation",
  "is_active": false
}
Response 
{
  "id": "80f9f01a-2fa8-4f2d-a7b5-f32a49c6b9af",
  "masked_token": "slv_live_abcd...wxyz",
  "label": "Workstation",
  "is_active": false,
  "expires_at": null,
  "created_at": "2026-05-11T12:00:00Z"
}
DELETE /api/tokens/{token_id}

Revokes and deletes a token owned by the authenticated user.

Auth: Bearer <Firebase ID token>
Response 
204 No Content
GET /api/usage/session-metadata

Returns one SessionStats entry per authenticated user-owned session.

Auth: Bearer <Firebase ID token>
Response 
[
  {
    "session_id": "ses_123",
    "session_size": 42118,
    "saved_chars": 18420,
    "saved_tokens": 4605,
    "fork_from": 0,
    "is_true_fork": false
  }
]
GET /api/usage/total-saved-tokens

Public, unauthenticated aggregate used by public pages. Includes the exact all-time total plus the recent 20-minute saved-token rate used to animate the landing counter.

Auth: None
Response 
{
  "total_saved_tokens": 982341,
  "observed_at": "2026-05-15T12:34:56Z",
  "tokens_per_second": 42.3,
  "window_seconds": 1200
}