Skip to main content
POST
/
api
/
v1
/
auth
/
set-password
Set Password
curl --request POST \
  --url https://roughy-api-staging.fly.dev/api/v1/auth/set-password \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "password": "fresh-correct-horse-battery-staple"
}
'
{
  "detail": [
    {
      "loc": [
        "<string>"
      ],
      "msg": "<string>",
      "type": "<string>",
      "input": "<unknown>",
      "ctx": {}
    }
  ]
}

Documentation Index

Fetch the complete documentation index at: https://docs.roughy.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

An API key — either a programmatic key minted via POST /api-keys or a session-class key minted by POST /auth/login / an OAuth callback. Pass it as Authorization: Bearer <token>. UI flows can omit the header — the roughy_session HttpOnly cookie set by login + OAuth callbacks is read as a fallback.

Cookies

roughy_session
string | null

Body

application/json

Initial password set for an OAuth-only user (ADR 0020 Phase 5).

Distinct from ChangePasswordRequest because there is no old password to compare against — a Google-only account has password_hash IS NULL. The endpoint 409s if a password is already set; rotation goes through /auth/change-password instead.

password
string
required
Required string length: 8 - 128

Response

Successful Response