Logout
curl -X POST "https://api.monitoring.crahe-arthur.com/api/v1/auth/logout"
Empty
Refresh session
Reads the refresh token from the HTTP-only cookie. The active tenant is taken from the persisted refresh-token row (audit F-002 / ASVS V3.5.1) — the `X-Tenant-Id` header is consulted only as a defence-in-depth equality check; switching tenants is the `/auth/switch-tenant` endpoint's job. Replay detection clears the client cookie.
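The refresh rules described above, as an added sketch that is not the project's own code. The in-memory store, SHA-256 token keying, `used` flag, status codes and return shape are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class RefreshRow:          # constructed stand-in for the persisted refresh-token row
    user_id: str
    tenant_id: str         # authoritative active tenant for the session
    used: bool = False     # set once the token has been rotated (assumption)

ROWS = {}                  # SHA-256(token) -> RefreshRow; assumed storage layout

def _key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def issue(user_id: str, tenant_id: str) -> str:
    """Create a refresh token bound to one tenant and persist its row."""
    token = secrets.token_urlsafe(32)
    ROWS[_key(token)] = RefreshRow(user_id, tenant_id)
    return token

def refresh(cookie_token: Optional[str], x_tenant_id: Optional[str] = None) -> dict:
    """set_cookie: new token = rotate, "" = clear the cookie, None = leave as is."""
    row = ROWS.get(_key(cookie_token)) if cookie_token else None
    if row is None:
        return {"status": 401, "tenant": None, "set_cookie": ""}
    if row.used:
        # Replay of an already-rotated token: clear the client cookie.
        return {"status": 401, "tenant": None, "set_cookie": ""}
    # The header is never a source of truth; it may only agree with the row.
    if x_tenant_id is not None and x_tenant_id != row.tenant_id:
        return {"status": 403, "tenant": None, "set_cookie": None}
    row.used = True
    # The new token inherits the tenant from the row, not from the request.
    new_token = issue(row.user_id, row.tenant_id)
    return {"status": 200, "tenant": row.tenant_id, "set_cookie": new_token}
```
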
Get current user
Reads `users` on every call so that an email change is reflected without forcing a session refresh. The handler is intentionally tenant-agnostic — `users` is global per ADR 0008.