API Authentication
Browser Authentication (Supabase Session)
When using Lydaro through the browser, authentication is automatic. Supabase sets an HttpOnly session cookie when you log in. All API requests from the browser include this cookie automatically.
Programmatic Access
Lydaro does not currently offer dedicated API keys. Programmatic access requires a valid Supabase session token.
To authenticate programmatically:
- Use the Supabase client library to sign in
- Use the resulting session's access token in requests
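```typescript
import { createClient } from '@supabase/supabase-js'

// SUPABASE_URL and SUPABASE_ANON_KEY are your project's URL and anon key
const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY)

const { data: { session }, error } = await supabase.auth.signInWithPassword({
  email: 'user@example.com',
  password: 'password',
})
if (error || !session) throw error ?? new Error('Sign-in returned no session')
// Use session.access_token in the Authorization header
```
Webhook Authentication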
Stripe webhooks do not use session-based auth. Instead, the webhook signature is verified using STRIPE_WEBHOOK_SECRET. See Webhooks.
Future
Dedicated API keys (scoped to an organisation) are planned for a future release.