---
resource: https://macrocontent.dev/
register_uri: https://app.macrocontent.dev/register
authorization_server: https://macrocontent.dev/.well-known/oauth-authorization-server
protected_resource: https://macrocontent.dev/.well-known/oauth-protected-resource
identity_types_supported:
  - anonymous
credential_types_supported:
  - api_key
claim_uri: https://macrocontent.dev/auth.md
---

# auth.md

Agent and developer authentication for **Macro Content** (Macro / macrocontent.dev).

## Audience

- Human developers integrating `@macrocontent/sdk`
- Automated agents that need read-only product/API discovery (no registration required)
- Dashboard users managing websites and content

## Registration

Register at https://app.macrocontent.dev/register

Registration requires email verification and Cloudflare Turnstile captcha.

## Anonymous agent access (API key)

1. A human creates a Macro account at the register URL above.
2. In the dashboard, create a website project and generate an API key.
3. Use headers on editor/content API requests:
   - `X-Api-Key: <key>`
   - `X-Macro-Website-Id: <website-id>`

Claim credentials via https://macrocontent.dev/auth.md after human provisioning.

## Dashboard / Platform API (JWT)

- **Login:** `POST https://api.macrocontent.dev/auth/login`
- **Refresh:** `POST https://api.macrocontent.dev/auth/refresh`
- **Header:** `Authorization: Bearer <access_token>`

## Protected resources

- **Marketing / discovery resource:** https://macrocontent.dev/
- **API resource base:** https://api.macrocontent.dev/
- **Docs:** https://docs.macrocontent.dev/
- **API Documentation:** https://api.macrocontent.dev/docs
- **OpenAPI:** https://api.macrocontent.dev/docs.json
- **Health:** https://api.macrocontent.dev/health

## Discovery

- OAuth Authorization Server: https://macrocontent.dev/.well-known/oauth-authorization-server
- OAuth Protected Resource: https://macrocontent.dev/.well-known/oauth-protected-resource
- API catalog: https://macrocontent.dev/.well-known/api-catalog

## Agent note

Passive discovery only — do not attempt automated registration or login without explicit user consent.
