fluo API MCP GitHub
REST API

fluo API.
Set up auth over HTTP.

Everything the dashboard does, as a plain REST API: create an account, spin up apps, fetch API keys, and configure providers. Pair it with the MCP server to drive it from an agent.

Base URL 
https://api.fluo.dev
Auth header 
Authorization: Bearer pat_your_token

Get a token by calling POST /api/v2/accounts (no auth), or from the dashboard. Every other endpoint expects it as a Bearer token.

POST /api/v2/accounts No auth

Create an account and return its first personal access token. Save the token — it is shown only once.

Request 
curl -X POST https://api.fluo.dev/api/v2/accounts \
  -H "Content-Type: application/json" \
  -d '{ "email": "you@example.com" }'
Response 
{
  "account": {
    "id": "rec_3f2a8c1d0e5b4a9",
    "email": "you@example.com",
    "firstName": "Fluo",
    "lastName": "User"
  },
  "accessToken": "pat_8Kf3mZ9qWx7Lp2Rn..."
}
POST /api/v2/accounts/tokens Bearer

Issue an additional access token for the authenticated account.

Request 
curl -X POST https://api.fluo.dev/api/v2/accounts/tokens \
  -H "Authorization: Bearer pat_..." \
  -H "Content-Type: application/json" \
  -d '{ "name": "ci" }'
Response 
{ "accessToken": "pat_Qf1a...Zr9" }
GET /api/v2/account Bearer

Return the authenticated account.

Response 
{
  "account": {
    "id": "rec_3f2a8c1d0e5b4a9",
    "email": "you@example.com",
    "firstName": "Fluo",
    "lastName": "User"
  }
}
GET /api/v2/apps Bearer

List every app in the account, each including its API key.

Response 
{ "apps": [ { "id": "yd0783cvv19mnaa", "name": "Acme Mobile", "apiKey": "Ucem...3W", "backendType": "" } ] }
POST /api/v2/apps Bearer

Create an app. The API key and signing secrets are generated automatically.

Request 
curl -X POST https://api.fluo.dev/api/v2/apps \
  -H "Authorization: Bearer pat_..." \
  -H "Content-Type: application/json" \
  -d '{ "name": "Acme Mobile" }'
Response 
{
  "app": {
    "id": "yd0783cvv19mnaa",
    "name": "Acme Mobile",
    "apiKey": "UcemRroBiOJKLXvGr1E5N0BSPKOpjU3W...",
    "backendType": "",
    "authMethods": [ { "id": "email", "selected": true } ],
    "registrationSteps": [ { "id": "firstName", "selected": true } ]
  }
}
GET /api/v2/apps/:id Bearer

Full configuration for a single app, including its API key and JWT secret.

Response 
{ "app": { "id": "yd0783cvv19mnaa", "name": "Acme Mobile", "apiKey": "Ucem...3W", "jwtSecret": "...", "authMethods": [ ... ] } }
PATCH /api/v2/apps/:id Bearer

Update name, auth methods, registration steps, backend, terms & privacy URLs, or the Prelude key. Only the fields you send change.

Request 
curl -X PATCH https://api.fluo.dev/api/v2/apps/yd0783cvv19mnaa \
  -H "Authorization: Bearer pat_..." \
  -H "Content-Type: application/json" \
  -d '{
    "authMethods": [
      { "id": "email", "selected": true },
      { "id": "google", "selected": true,
        "googleClientId": { "web": "....apps.googleusercontent.com" } }
    ]
  }'
Response 
{ "app": { "id": "yd0783cvv19mnaa", "authMethods": [ ... ] } }
GET /api/v2/apps/:id/sessions Bearer

Recent authentication sessions for an app. Verification codes and refresh tokens are never returned.

Response 
{
  "sessions": [
    {
      "id": "3fwj5bo8wn0z813",
      "method": "email",
      "email": "user@example.com",
      "userId": "fj9z...zdg",
      "verifiedAt": "2026-06-11 17:32:48.012Z",
      "created": "2026-06-11 17:32:47.621Z"
    }
  ]
}
GET /api/v2/apps/:id/users Bearer

End users of an app. Custom backend only — Firebase and Supabase manage their own users.

Response 
{ "users": [ { "id": "u_1a2b", "email": "user@example.com", "firstName": "Ada", "lastName": "L." } ] }