From 6e277e5ef489b05a128513abeaa90fdafcf76b6c Mon Sep 17 00:00:00 2001
From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com>
Date: Tue, 24 Feb 2026 08:23:52 +0000
Subject: [PATCH] Update user management docs for cookie-based auth

Generated-By: mintlify-agent
---
 getting-started/user-management.mdx | 48 ++++++++++++++---------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/getting-started/user-management.mdx b/getting-started/user-management.mdx
index b7c7685f..b8d7c44c 100644
--- a/getting-started/user-management.mdx
+++ b/getting-started/user-management.mdx
@@ -16,32 +16,32 @@ OpenOps doesn't currently provide a UI for creating user accounts; instead, you
 
 The first API call is to sign in the admin user:
 
+```shell
+curl -X POST http://your-openops-installation/api/v1/authentication/sign-in \
+  -H "Content-Type: application/json" \
+  -c cookies.txt \
+  -d '{
+    "email": "your-admin-email",
+    "password": "your-admin-password"
+  }'
 ```
-POST http://your-openops-installation/api/v1/authentication/sign-in
-Content-Type: application/json
-
-{
-  "email": "your-admin-email",
-  "password": "your-admin-password"
-}
-```
-
-This call will return a JSON object that contains a property called `token`. Copy the value of this property and use it in the authorization header in the next call. This next call actually creates a new user account. Before making the call, in the body, don't forget to specify actual values for the four properties that are left empty in the sample below:
-
-```
-POST http://your-openops-installation/api/v1/authentication/sign-up
-Authorization: Bearer your-admin-token
-Content-Type: application/json
-
-{
-  "password": "",
-  "email": "",
-  "firstName": "",
-  "lastName": "",
-  "trackEvents": false,
-  "newsLetter": false
-}
 
+The authentication token is returned as an HTTP-only cookie (not in the response body). Use the `-c` flag to save cookies to a file, then pass them with `-b` in subsequent requests.
+
+The next call creates a new user account. Specify values for the four empty properties in the body:
+
+```shell
+curl -X POST http://your-openops-installation/api/v1/authentication/sign-up \
+  -H "Content-Type: application/json" \
+  -b cookies.txt \
+  -d '{
+    "password": "",
+    "email": "",
+    "firstName": "",
+    "lastName": "",
+    "trackEvents": false,
+    "newsLetter": false
+  }'
 ```
 
 The user account that you create this way will be able to perform all operations in OpenOps except for creating new user accounts. Every time you do that, you'll still need an admin token.