Authentication API
Login User
POST /auth/login
Authenticate a user with email and password
Base URL: https://rzqklwfhwqmviintncqh.supabase.co/functions/v1
Request
Response
Indicates if the request was successful
User’s role (STANDARD_USER, ADMIN)
Account status (ACTIVE, SUSPENDED)
Email verification status
Account creation timestamp
JWT token for API authentication
curl -X POST https://rzqklwfhwqmviintncqh.supabase.co/functions/v1/auth/login \
-H "Content-Type: application/json" \
-H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-d '{
"email": "user@example.com",
"password": "userpassword"
}'
const response = await fetch('https://rzqklwfhwqmviintncqh.supabase.co/functions/v1/auth/login', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'apikey': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...'
},
body: JSON.stringify({
email: 'user@example.com',
password: 'userpassword'
})
});
const data = await response.json();
final response = await http.post(
Uri.parse('https://rzqklwfhwqmviintncqh.supabase.co/functions/v1/auth/login'),
headers: {
'Content-Type': 'application/json',
'apikey': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
},
body: jsonEncode({
'email': 'user@example.com',
'password': 'userpassword',
}),
);
{
"success": true,
"statusCode": 200,
"message": "Welcome back",
"data": {
"payload": {
"id": "f9cc094c-ba9c-4a0a-82b9-e40d589e97db",
"name": "John Doe",
"phoneNumber": null,
"email": "user@example.com",
"role": "STANDARD_USER",
"status": "ACTIVE",
"isVerified": true,
"createdAt": "2025-08-15T13:53:15.974Z",
"updatedAt": "2025-08-15T13:53:15.974Z"
},
"accessToken": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImY5Y2MwOTRjLWJhOWMtNGEwYS04MmI5LWU0MGQ1ODllOTdkYiIsInJvbGUiOiJTVEFOREFSRF9VU0VSIiwiaWF0IjoxNzYwNDI2MzI4LCJleHAiOjE3NjA0MzM1Mjh9.6iIAZ8awuIAvEGBRDGfAfN31DI8vB2MjcXpVRLbbH0I"
}
}
{
"statusCode": 400,
"message": "Invalid credentials"
}
Register User
POST /auth/register
Create a new user account
Request
User’s password (minimum 8 characters)
Response
Similar to login response with newly created user data.
curl -X POST https://rzqklwfhwqmviintncqh.supabase.co/functions/v1/auth/register \
-H "Content-Type: application/json" \
-H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-d '{
"name": "John Doe",
"email": "john@example.com",
"password": "securepassword123"
}'
Create Password
POST /auth/create-password
Set or update user password
Request
Verification code issued by the password reset flow
Response
User data and new access token
curl -X POST https://rzqklwfhwqmviintncqh.supabase.co/functions/v1/auth/create-password \
-H "Content-Type: application/json" \
-H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-d '{
"email": "user@example.com",
"password": "newpassword123",
"code": "123456"
}'
Error Codes
| Status Code | Error | Description |
|---|
| 400 | Bad Request | Invalid request body or missing required fields |
| 401 | Unauthorized | Invalid credentials |
| 404 | Not Found | User not found |
| 500 | Internal Server Error | Server error occurred |
All authentication endpoints return JWT tokens that expire after 2 hours. Store tokens securely and handle expiration gracefully in your application.