Auth¶
The auth surface exposes session-time identity operations: who am I,
what can I do, and how to change my password. The actual login is
lazy and invisible — calling client.tags.list() (or any method)
fires the first POST to /auth/log_in.json automatically.
Operations¶
| Method | What it does |
|---|---|
client.auth.whoami() |
Return the currently authenticated User. |
client.auth.capabilities() |
The server's capability list for the session — feature toggles. |
client.auth.change_password(old_password, new_password) |
Change current user's password; invalidates token and re-logs in on next call. |
me = client.auth.whoami()
caps = client.auth.capabilities()
client.auth.change_password(old_password="hunter2", new_password="newpass!")
change_password updates the SDK's in-memory password store too — so
the subsequent lazy re-login uses the new credentials transparently.
See also¶
- Users —
users.me()returns the sameUserasauth.whoami(). - Credential rotation — broader rotation workflows.
- Security — token lifecycle, redaction.