Authentication

br\u016bhi Cloud uses a three-step login flow designed for multi-DJ radio operations.

Step 1: Email entry
     ↓
Step 2: OTP verification (emailed code)
     ↓
Step 3: Station selection
     ↓
Dashboard (Live Broadcast workspace)

Step 1 — Email

The DJ enters their email address. No password is required.

Step 2 — OTP

An OTP (one-time password) code is sent to the email. The DJ enters the code in the browser. If the code is correct, they are authenticated.

Step 3 — Station Selection

After authentication, the DJ sees the station selector. Each station card shows:

[Screenshot: Station selection screen — station cards with name, status badge (On Air / Offline), listener count]

Station name
On-air status (whether a Liquidsoap process is currently running)
Number of active listeners (from Icecast stats, if configured)

The DJ clicks their station and is taken to the Live Broadcast dashboard for that station.

Session Persistence

After selecting a station, the selection is stored in the browser’s localStorage. On the next visit, the browser skips station selection and goes directly to the last-used station’s dashboard (after re-authenticating with OTP if the session has expired).

Session expiry is configurable. The default is 24 hours.

Multiple DJs

Multiple DJs can be logged in simultaneously, each on their own station. There is currently no permission system preventing two DJs from logging into the same station — this is planned for a future update.

Planned: User Management

A user management system is planned that will allow:

Admin users — can create/delete stations, manage all DJ accounts
DJ users — can only access their assigned station(s)
Role-based station assignment — which stations a DJ is allowed to select
API key authentication — for automated integrations

API Authentication (Current)

The REST API currently has no authentication layer. All API endpoints are accessible without credentials. This is suitable for deployments on a private network or behind a VPN.