04

Authentication

Getting started1 min read

Use Supabase sessions or scoped B2B API keys through the BFF boundary.

  • Browser and first-party clients use Supabase Auth sessions.
  • B2B callers use hashed, scoped, revocable API keys with expiry and rate limits.
  • Third-party connector tokens stay behind Auth0 Token Vault and tool-gateway.
  • Financial and irreversible actions may require a fresh step-up token in X-Step-Up-Token.
Client SDK
import { AgentPlatformClient } from '@agent-platform/client-sdk';const client = new AgentPlatformClient({  baseUrl: 'http://localhost:3110',  getAccessToken: () => session.access_token,});const profile = await client.getProfile();

Was this page helpful?

Edit on GitHub