Authentication API
User authentication and session management endpoints.
The Authentication API handles user authentication and session management using JWT tokens from Supabase Auth.
Authentication Methods
JWT Bearer Token
All API requests require authentication using JWT tokens from Supabase Auth.
```bash
curl -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  https://your-domain.com/api/products
```
Session-based Authentication
For web applications, authentication is handled automatically through Supabase session cookies.
Getting an Access Token
Using Supabase Auth
```javascript
import { createClient } from '@supabase/supabase-js'

const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY)

// Sign in with email and password
const { data, error } = await supabase.auth.signInWithPassword({
  email: 'user@example.com',
  password: 'password'
})
if (error) throw error

// Use the access token as the Bearer token for API requests
const token = data.session.access_token
```
User Roles & Permissions
| Role | Permissions |
|---|---|
| admin | Full access to all endpoints |
| manager | Read/write access to operational data |
| employee | Limited read/write access |
| viewer | Read-only access |
Endpoints
POST /api/auth/login
Sign in with email and password.
Request Body:
```json
{
  "email": "user@example.com",
  "password": "password123"
}
```
Response:
```json
{
  "data": {
    "user": {
      "id": "uuid",
      "email": "user@example.com",
      "role": "manager"
    },
    "session": {
      "access_token": "jwt_token",
      "refresh_token": "refresh_token",
      "expires_at": 1640995200
    }
  }
}
```
POST /api/auth/logout
Sign out the current user.
Response:
```json
{
  "data": {
    "message": "Successfully logged out"
  }
}
```
POST /api/auth/refresh
Exchange a refresh token for a new access token. The response also returns a new refresh token, so clients must store the rotated pair.
Request Body:
```json
{
  "refresh_token": "refresh_token"
}
```
Response:
```json
{
  "data": {
    "session": {
      "access_token": "new_jwt_token",
      "refresh_token": "new_refresh_token",
      "expires_at": 1640998800
    }
  }
}
```
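The following is an added example, not code from the project: a small client that sends the Bearer header described under "JWT Bearer Token" and drives the `/api/auth/refresh` flow above, refreshing shortly before `expires_at` and once more if the API answers 401. It assumes the response shapes shown on this page; `fetchImpl` is injected so the logic can be exercised offline.

```javascript
// Added example (not the project's own code). Assumes the /api/auth/refresh
// request and response shapes documented on this page.
const REFRESH_SKEW_SECONDS = 60; // refresh a little before expires_at (Unix seconds)

function sessionNeedsRefresh(session, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (!session || typeof session.expires_at !== 'number') return true;
  return session.expires_at - nowSeconds <= REFRESH_SKEW_SECONDS;
}

function bearerHeaders(session) {
  if (!session || !session.access_token) throw new Error('no access token in session');
  return { Authorization: `Bearer ${session.access_token}` };
}

// Validate the refresh response before trusting it; a malformed body must not
// silently leave the client with an undefined token.
function sessionFromRefreshResponse(body) {
  const s = body && body.data && body.data.session;
  if (!s || typeof s.access_token !== 'string' || typeof s.refresh_token !== 'string' ||
      typeof s.expires_at !== 'number') {
    throw new Error('malformed refresh response');
  }
  return { access_token: s.access_token, refresh_token: s.refresh_token, expires_at: s.expires_at };
}

async function refreshSession(baseUrl, session, fetchImpl) {
  const res = await fetchImpl(`${baseUrl}/api/auth/refresh`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ refresh_token: session.refresh_token }),
  });
  if (!res.ok) throw new Error(`refresh failed: HTTP ${res.status}`);
  return sessionFromRefreshResponse(await res.json());
}

// Call an authenticated endpoint, refreshing first if the token is (nearly) expired.
// A 401 on a token that was just refreshed is not retried: the user must sign in again.
async function authorizedFetch(baseUrl, path, session, fetchImpl = fetch, nowSeconds) {
  let current = session;
  if (sessionNeedsRefresh(current, nowSeconds)) current = await refreshSession(baseUrl, current, fetchImpl);
  let res = await fetchImpl(`${baseUrl}${path}`, { headers: bearerHeaders(current) });
  if (res.status === 401 && current === session) { // token rejected (e.g. revoked): refresh once, retry once
    current = await refreshSession(baseUrl, current, fetchImpl);
    res = await fetchImpl(`${baseUrl}${path}`, { headers: bearerHeaders(current) });
  }
  return { response: res, session: current }; // caller persists the rotated session
}
```

The caller must persist the returned `session`, since each refresh rotates the refresh token and the old one should not be reused.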