04
Authentication
Getting started1 min read
Use Supabase sessions or scoped B2B API keys through the BFF boundary.
- Browser and first-party clients use Supabase Auth sessions.
- B2B callers use hashed, scoped, revocable API keys with expiry and rate limits.
- Third-party connector tokens stay behind Auth0 Token Vault and tool-gateway.
- Financial and irreversible actions may require a fresh step-up token in X-Step-Up-Token.
import { AgentPlatformClient } from '@agent-platform/client-sdk';const client = new AgentPlatformClient({ baseUrl: 'http://localhost:3110', getAccessToken: () => session.access_token,});const profile = await client.getProfile();Was this page helpful?
Edit on GitHub