Authentication

Authentication models

1) Chat API authentication (`/api/v1/chat/*`)

Use Authorization: Bearer <token> where token is one of:

Tenant JWT (signed with tenant-specific jwtSecret)
Tenant API key (prefix ab_...)

Required JWT claims:

userId
tenantId
exp
iat

Optional claims:

email
permissions

2) Admin API authentication (`/api/v1/admin/*`)

Use Authorization: Bearer <supabase_access_token>. The backend verifies Supabase identity and maps the user to an internal tenant via admin_users.

Header format

Authorization: Bearer <TOKEN>

Common auth failures

401 Missing or invalid authorization header
401 Invalid token
401 Token expired
403 No tenant linked. Complete onboarding first.

Overview

Getting Started

API Reference

Authentication models

1) Chat API authentication (`/api/v1/chat/*`)

2) Admin API authentication (`/api/v1/admin/*`)

Header format

Common auth failures

Overview

Getting Started

API Reference

​Authentication models

​1) Chat API authentication (/api/v1/chat/*)

​2) Admin API authentication (/api/v1/admin/*)

​Header format

​Common auth failures

Authentication models

1) Chat API authentication (`/api/v1/chat/*`)

2) Admin API authentication (`/api/v1/admin/*`)

Header format

Common auth failures