API Authentication (Dashboard Endpoints)

While the /rag/query endpoint uses rag_ API keys, all other endpoints (/rag/pipelines/*) are designed for the Jabrod dashboard and require Session Authentication.

Session Authentication

Jabrod uses a session cookie-based authentication system. When a user logs in to the dashboard, a secure HTTP-only cookie is set. The API endpoints check this session to determine the userId, and then enforce ownership logic (e.g., ensuring pipeline.userId === session.userId).

Calling Management Endpoints

If you are calling the management endpoints (Pipelines, Data Sources, Keys) from a script or external application, you cannot use a rag_ API key. These endpoints are strictly bound to the active user session of the web application. For server-to-server programmatic pipeline management, Jabrod Enterprise offers Management API tokens (Coming Soon). For now, use the Jabrod Dashboard UI to configure pipelines.

​API Authentication (Dashboard Endpoints)

​Session Authentication

​Calling Management Endpoints

API Authentication (Dashboard Endpoints)

Session Authentication

Calling Management Endpoints