Authentication

All API requests require authentication. Lightning Logs supports two authentication methods: JWT tokens and API keys.

JWT Token Authentication
Use JWT tokens from Supabase Auth for authenticated requests

How it works

JWT tokens are automatically generated when users authenticate with Supabase Auth. The token contains a tenant_id claim that identifies the tenant making the request.

Using JWT Tokens

Include the JWT token in the Authorization header:

Authorization: Bearer <your-jwt-token>

Example Request

curl -X POST https://your-project.supabase.co/functions/v1/search-dsl \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "tenantId": "tenant-123",
    "tsFrom": "2025-01-15T00:00:00Z",
    "tsTo": "2025-01-15T23:59:59Z",
    "query": "level = '\''error'\''"
  }'

Getting JWT Tokens

If you're using the TypeScript SDK, tokens are automatically handled. For direct API calls, you can get tokens from Supabase Auth:

import { createClient } from '@supabase/supabase-js'

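// Read project settings from the environment (variable names are placeholders)
const SUPABASE_URL = process.env.SUPABASE_URL
const SUPABASE_ANON_KEY = process.env.SUPABASE_ANON_KEY

const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY)

// Sign in
const { data: { session }, error } = await supabase.auth.signInWithPassword({
  email: 'user@example.com',
  password: 'password'
})
if (error) throw error

// Get the JWT token
const token = session?.access_token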

API Key Authentication
Use API keys for server-to-server authentication without user sessions

Creating API Keys

API keys can be created through the Settings page in the dashboard or via the API Keys API. Each key is prefixed with ll_.

Using API Keys

You can use API keys in two ways:

Option 1: X-API-Key header

X-API-Key: ll_your_api_key_here

Option 2: Authorization header

Authorization: Bearer ll_your_api_key_here

Example Request

curl -X POST https://your-project.supabase.co/functions/v1/ingest \
  -H "X-API-Key: ll_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '[
    {
      "ts": "2025-01-15T10:30:00Z",
      "level": "info",
      "msg": "User logged in",
      "service": "api"
    }
  ]'

Security Best Practices

  • Never commit API keys to version control
  • Store keys in environment variables
  • Rotate keys regularly
  • Revoke keys immediately if compromised
  • Use different keys for different environments

Error Responses
Common authentication errors and how to handle them

401 Unauthorized

The authentication token or API key is missing, invalid, or expired.

{
  "error": "Invalid token, API key, or missing tenant_id"
}

400 Bad Request

The request is missing required authentication information.

{
  "error": "Missing authorization header"
}
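
The following JavaScript preflight is an added example, not part of Lightning Logs or its SDK: it applies this page's rules (the ll_ prefix, the tenant_id claim, the 400 and 401 cases) to a set of request headers before they are sent. The function names, the order in which the two headers are checked, and the exp check are assumptions; the JWT payload is decoded without signature verification, so the result is a debugging aid and the server remains the authority.

```javascript
// Added example: client-side preflight for Lightning Logs credentials.
// Decodes the JWT payload WITHOUT verifying the signature (debugging aid only).

const API_KEY_PREFIX = 'll_'; // prefix documented on this page

// Decode the payload (middle) segment of a JWT; returns null if malformed.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch {
    return null;
  }
}

// headers: plain object with lower-case names. nowSec: current Unix time.
// Assumption: X-API-Key is consulted before the Authorization header.
function preflight(headers, nowSec = Math.floor(Date.now() / 1000)) {
  const bearer = /^Bearer\s+(.+)$/i.exec(headers['authorization'] || '');
  const cred = headers['x-api-key'] || (bearer && bearer[1]);
  if (!cred) return { ok: false, status: 400, reason: 'Missing authorization header' };
  if (cred.startsWith(API_KEY_PREFIX)) return { ok: true, kind: 'api_key' };

  const claims = decodeJwtPayload(cred);
  if (!claims) return { ok: false, status: 401, reason: 'not a JWT and not an ll_ key' };
  if (!claims.tenant_id) return { ok: false, status: 401, reason: 'missing tenant_id claim' };
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) {
    return { ok: false, status: 401, reason: 'token expired' };
  }
  // Callers can compare tenantId with the "tenantId" field of the request body.
  return { ok: true, kind: 'jwt', tenantId: claims.tenant_id };
}

// Constructed sample token for local testing; the signature is a placeholder.
function makeSampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
```
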