# Ask for an auth code (swap sub)
curl -X POST http://localhost:4080/api/sessions \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"sub":"jon@example.com"}'

# Validate auth code (swap session id, sub, and otp)
curl -X POST http://localhost:4080/api/sessions/xyz \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"otp":"secret123"}'

# Post a message (swap api-token)
curl -X POST http://localhost:4080/api/rooms/general \
  -H 'Authorization: Bearer api-token' \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"message":"Hello, World!"}'

# Get a room's messages (swap api-token, since unix-epoch)
curl http://localhost:4080/api/rooms/general?since=0 \
  -H 'Authorization: Bearer api-token'