Pocketbase provides an API and SDK for its database. However, the API itself is only documented from the SDK, so I created a small collection of examples for my own documentation. Adjust accordingly
To login with password you simply POST to the users collection. The output will contain the token
curl 'https://<pocketbase url>/api/collections/users/auth-with-password' \
-H 'content-type: application/json' \
--data-raw '{"identity":"<username>","password":"<password>"}' \
--insecure -kv
Sample response:
{
"record": {
"avatar": "",
"collectionId": "_pb_users_auth_",
"collectionName": "users",
"created": "2025-07-16 22:55:04.240Z",
"email": "<email>",
"emailVisibility": false,
"id": "xabrgho2lgpfk4f",
"name": "<name>",
"updated": "2025-07-16 22:55:04.240Z",
"verified": false
},
"token": "eyJhbGdapc31iOsdiJ5IpsdfUzI1NibIsInRdoew5ctCyI6IkpXVloaCJ9.eyJjb2xsZaiaF8iLCJleHAiOjEasdfh3NTM3MTIalskjflkasjf1904NTMsImlkIjoieGFicmdobzJsZ3BmazRmIiwicmVmcmVzaGFibGUiOnsdfoijOiJhdXRoIn0.bHZ6kzkhnmu_Q66s2KCluoCRKdPg"
}
Use jq!
curl 'https://<pocketbase url>/api/collections/users/auth-with-password' \
-H 'content-type: application/json' \
--data-raw '{"identity":"<username>","password":"<password>"}' \
--insecure -kv | jq -r .token
Let's say you have a collection called 'event' with the following fields:
Optional id String Plain text value. It is autogenerated if not set.
Optional type String Plain text value.
Optional data String JSON array or object.
Optional sf_account_id String Plain text value.
Optional user String Relation record id.
Optional note String Plain text value.
curl -kv 'https://<pocketbase url>/api/collections/event/records' \
-H "Content-Type: application/json" \
-H 'authorization: <token>' \
--data-raw '{
"type": "health",
"data": "{\"message\": \"hello\"}",
"sf_account_id": "test",
"user": "<user id>",
"note": "test"
}'