# Ask for an auth code (swap sub)
curl -X POST https://localhost:4080/api/session \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"sub":"jon@example.com"}'

# Validate auth code (swap session id, sub, and otp)
curl -X POST https://localhost:4080/api/session/xyz \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"sub":"jon@example.com","otp":"secret123"}'

# Post a message (swap api-token)
curl -X POST https://localhost:4080/api/rooms/general \
  -H 'Authorization: Bearer api-token' \
  -H 'Content-Type: application/json; charset=utf-8' \
  -d '{"msg":"hello"}'

# Get a room's messages (swap api-token, since unix-epoch)
curl https://localhost:4080/api/rooms/general?since=0 \
  -H 'Authorization: Bearer api-token'