Authentication
TendSocial APIs are authenticated via bearer tokens issued by Supabase Auth.
Quick Start
All protected endpoints require a Supabase-issued JWT, sent as a bearer token in the Authorization header:

```http
Authorization: Bearer <your_jwt_token>
```

Guides
Authentication Guide - Complete authentication flow:
- Getting access tokens
- Token refresh
- API key management for integrations
OAuth Setup - Social platform OAuth:
- Setting up OAuth apps
- Callback URLs
- Token exchange
Token Flow

1. User logs in via Supabase Auth (Google, or email/password)
2. Supabase returns an access_token (the JWT) plus a refresh_token
3. Frontend stores the access_token in localStorage (note that localStorage is readable by any script running on the page's origin, so an XSS bug exposes the token)
4. Every API request includes the header: Authorization: Bearer <token>
5. Backend verifies the token with Supabase (signature, audience and expiry); a token that fails verification gets a 401
6. Backend looks up the user in NeonDB for role/permissions; a verified user without the required permission gets a 403

Token Claims
The JWT contains:

| Claim | Description |
|---|---|
| sub | Supabase user ID |
| email | User's email address |
| aud | Audience; must be `authenticated` |
| exp | Expiration time, as a Unix timestamp in seconds |
Error Responses
| Status | Meaning |
|---|---|
| 401 | Missing or invalid token |
| 403 | Valid token but insufficient permissions |
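The following is an added example, written for this page rather than taken from the TendSocial backend, that walks steps 4 to 6 of the Token Flow end to end and produces the 401/403 responses from the table above. It assumes (the page does not say) that the access tokens are HS256 JWTs signed with the Supabase project JWT secret, that the secret is available to the backend, and that the NeonDB role lookup can be stood in for by an in-memory dict; the secret, user IDs, emails and roles are all constructed for the example. It needs only the Python standard library.

```python
"""Added example: verify a Supabase-style bearer token and enforce a role.

Illustrative code for this page, not TendSocial's own backend.
Assumptions: HS256 tokens signed with the project JWT secret (constructed
here), and a NeonDB role lookup mocked with a dict.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed secret for the example; a real deployment reads the project
# JWT secret from configuration and never hard-codes it.
JWT_SECRET = b"example-supabase-jwt-secret-not-real"

# Stand-in for the NeonDB user table consulted in step 6 (constructed data).
USER_ROLES = {"user-123": "admin", "user-456": "member"}


def b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(claims, secret=JWT_SECRET):
    """Mint an HS256 JWT so the example runs offline (Supabase does this in production)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_token(token, secret=JWT_SECRET, now=None):
    """Return the claims if algorithm, signature, audience and expiry check out; else raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never trust `alg` from the token (rejects "none" and HS/RS confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("aud") != "authenticated":
        raise ValueError("wrong audience")
    current = time.time() if now is None else now
    if claims.get("exp", 0) <= current:
        raise ValueError("token expired")
    if "sub" not in claims:
        raise ValueError("missing sub")
    return claims


def authorize(headers, required_role=None, now=None):
    """Map request headers to (status, body) the way the error table describes."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, {"error": "missing or invalid token"}
    try:
        claims = verify_token(token, now=now)
    except ValueError as exc:  # covers bad base64/JSON too (both are ValueError subclasses)
        return 401, {"error": f"invalid token: {exc}"}
    role = USER_ROLES.get(claims["sub"])  # step 6: NeonDB lookup (mocked)
    if required_role and role != required_role:
        return 403, {"error": "insufficient permissions"}
    return 200, {"sub": claims["sub"], "email": claims.get("email"), "role": role}


def demo(now=1_700_000_000):
    """Run the flow against constructed tokens; returns {case: HTTP status}."""
    base = {"aud": "authenticated", "exp": now + 3600}
    good = make_token({"sub": "user-123", "email": "alice@example.com", **base})
    member = make_token({"sub": "user-456", "email": "bob@example.com", **base})
    expired = make_token({"sub": "user-123", "aud": "authenticated", "exp": now - 1})
    forged = make_token({"sub": "user-123", **base}, secret=b"attacker-guess")
    # alg=none attack: same payload, header claims no signature, empty signature segment.
    unsigned = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode()) + "." + good.split(".")[1] + "."
    cases = {
        "admin ok": ({"Authorization": "Bearer " + good}, "admin"),
        "member hits admin route": ({"Authorization": "Bearer " + member}, "admin"),
        "no header": ({}, None),
        "wrong scheme": ({"Authorization": "Basic dXNlcjpwYXNz"}, None),
        "expired": ({"Authorization": "Bearer " + expired}, None),
        "forged signature": ({"Authorization": "Bearer " + forged}, None),
        "alg none": ({"Authorization": "Bearer " + unsigned}, None),
    }
    return {name: authorize(h, role, now=now)[0] for name, (h, role) in cases.items()}


if __name__ == "__main__":
    print(demo())
```

Two design points worth keeping when moving this to real code: the algorithm is pinned in the verifier rather than read from the token, and every verification failure collapses to a single 401 so the response does not leak which check failed. If the project's Supabase tokens are asymmetrically signed, the HMAC check has to be replaced by a JWKS-based signature check; the audience, expiry and role logic stays the same.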
See Also
- Authentication Guide - Detailed auth flow
- OAuth Setup - Social platform connections