# Aeterna Authentication

## Human users (browser)

Aeterna uses **Firebase Authentication** for end-user sign-in:

- Google Sign-In
- Email magic link
- Social providers (region-specific)

Sessions are established via **HttpOnly, Secure cookies** on `helloaeterna.com`. Vault, chat, and dashboard APIs require an authenticated browser session and are **not** available to third-party agents.

## AI agents and crawlers (read-only)

Agents may consume **public marketing content** without authentication:

| Resource | URL |
|----------|-----|
| Product summary | https://helloaeterna.com/llms.txt |
| Full marketing text | https://helloaeterna.com/llms-full.txt |
| API catalog | https://helloaeterna.com/.well-known/api-catalog |
| Agent skills index | https://helloaeterna.com/.well-known/agent-skills/index.json |
| MCP server card | https://helloaeterna.com/.well-known/mcp/server-card.json |
| Health check | https://helloaeterna.com/api/health |

Use `/llms.txt` and `/llms-full.txt` for markdown ingestion (works on all Cloudflare plans). Edge `Accept: text/markdown` conversion requires Cloudflare Pro/Business+.

## Third-party programmatic API access

**Not currently offered.** Aeterna does not publish OAuth/OIDC discovery or issue third-party API tokens. Do not attempt to authenticate against Firebase or session endpoints as an agent.

For partnership or integration inquiries: **support@via-aeterna.com**

## Rate limits

Public endpoints are rate-limited. Respect `robots.txt` and `Content-Signal` headers. Do not scrape authenticated routes: `/dashboard`, `/vault`, and `/api/*` (except the documented public paths).
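An agent can enforce the public-resource table and the authenticated-route rule above on its own side before issuing any request. The following is an added example, not Aeterna's code; the names `classify` and `agent_may_fetch`, and the choice to accept only the apex host over HTTPS, are assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

HOST = "helloaeterna.com"  # assumption: only the apex host named on the page

# Public paths from the table on this page; matched exactly, fail-closed.
PUBLIC_PATHS = frozenset({
    "/llms.txt",
    "/llms-full.txt",
    "/.well-known/api-catalog",
    "/.well-known/agent-skills/index.json",
    "/.well-known/mcp/server-card.json",
    "/api/health",
})

# Route prefixes the page reserves for authenticated browser sessions.
AUTH_PREFIXES = ("/dashboard", "/vault", "/api")


def classify(url: str) -> str:
    """Return 'public', 'authenticated', 'undocumented' or 'rejected'."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:  # malformed port in the URL
        return "rejected"
    if (parts.scheme != "https" or parts.hostname != HOST
            or port not in (None, 443) or parts.username or parts.password):
        return "rejected"
    # Only the literal documented path is public: no encoding or dot-segment
    # variants, so the guard never depends on how the server normalises.
    if parts.path in PUBLIC_PATHS:
        return "public"
    # Decode and collapse dot segments only to label what the URL resolves to.
    path = "/" + posixpath.normpath(unquote(parts.path) or "/").lstrip("/")
    if any(path == p or path.startswith(p + "/") for p in AUTH_PREFIXES):
        return "authenticated"
    return "undocumented"


def agent_may_fetch(url: str) -> bool:
    """True only for the documented public, unauthenticated resources."""
    return classify(url) == "public"
```

Anything that is not an exact match for a documented path is refused, including paths that would resolve to a public one after decoding.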

## Security contact

security@helloaeterna.com — see https://helloaeterna.com/.well-known/security.txt
