In dev mode, your OTP code appears in the server log (mailer.stderr).
1Send verification code
POST /v1/auth/send-code — issues a one-time code to your email. Anti-enumerating (always succeeds).
2Verify code
POST /v1/auth/verify-code — returns an emailVerificationSid (valid 5 min).
3Sign in (auto-creates if new)
POST /v1/auth/login — consumes the sid, creates entity if absent, returns session token + master key (ONCE).
4Issue an API key
POST /v1/keys — uses the session cookie. Permissions default to entity.read.self.
5Use the API key
POST /v1/keys/validate (no auth) + GET /v1/entities/{id} (Bearer auth).