Authentication

All API requests require authentication via the Authorization header.

Methods

Supabase Session Token

For portal and frontend applications, use a Supabase JWT:

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

This is automatically handled by the portal. The token carries user identity and organization membership.

API Key

For server-to-server and programmatic access:

Authorization: Bearer ord_sk_...

API keys are created in Settings > API Keys and are scoped to specific permissions.

Auth Context

Every authenticated request provides an auth context:

| Field | Description |
| --- | --- |
| organizationId | The organization this request is scoped to |
| user.id | The user’s ID (undefined for API key auth) |
| role | The user’s role: owner, admin, or member |

Scopes

API keys are scoped to limit what they can access. Each endpoint requires specific scopes.

| Resource | Scope | Description |
| --- | --- | --- |
| Orders | orders:read | View orders and order details |
| Orders | orders:write | Create and update orders |
| Shipments | shipments:read | View shipments and tracking info |
| Shipments | shipments:write | Create and update shipments |
| Bridges | bridges:read | View bridge configurations |
| Bridges | bridges:write | Create, update, and delete bridges |
| Transformations | transformations:read | View data transformations |
| Transformations | transformations:write | Create and update transformations |
| Webhooks | webhooks:manage | Configure webhook endpoints |
| Carrier Accounts | carrier-accounts:read | View carrier account details |
| Carrier Accounts | carrier-accounts:write | Manage carrier accounts |
| Rates | rates:read | Fetch shipping rates |
| Pickups | pickups:read | View scheduled pickups |
| Pickups | pickups:write | Schedule and cancel pickups |
| Dispatchers | dispatchers:read | View dispatcher rules |
| Dispatchers | dispatchers:write | Create and update dispatchers |
| Operations | operations:read | View operations and items |
| Operations | operations:write | Create and update operations |
| Operations | operations:execute | Execute operations and apply actions |
| Insights | insights:read | View dashboard analytics and reports |
| Insights | insights:write | Configure insight settings |
| Agent | agent:read | View agent conversations and memory |
| Agent | agent:write | Send messages to the AI agent |
| Agent | agent:admin | Manage agent settings and standing orders |
| Embed | embed:manage | Manage embed access codes and config |

Error Responses

| Status | Description |
| --- | --- |
| 401 | Missing or invalid authentication |
| 403 | Authenticated but lacking required scope/permission |
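
The following added example (not the API's own code) sketches how a scope check separates the two statuses for API-key requests. The key store, key values, organization ID and function names are hypothetical, scopes are assumed to be exact-match (a write scope does not imply read), and session JWT verification is left out.

```javascript
// Added example: hypothetical server-side check, not the API's own code.
const API_KEY_PREFIX = "ord_sk_"; // key prefix shown on this page

// Constructed sample key store (key values, org id and grants are made up).
const SAMPLE_KEYS = new Map([
  ["ord_sk_example_readonly", {
    organizationId: "org_example_1",
    scopes: ["orders:read", "shipments:read"],
  }],
  ["ord_sk_example_fulfil", {
    organizationId: "org_example_1",
    scopes: ["orders:write", "shipments:write"],
  }],
]);

// Extract the bearer credential, or null if the header is absent or malformed.
function parseBearer(header) {
  if (typeof header !== "string") return null;
  const match = /^Bearer +(\S+)$/i.exec(header.trim());
  return match ? match[1] : null;
}

// Decide the outcome for an API-key request to an endpoint that requires
// every scope in requiredScopes. Session JWTs are not handled by this sketch.
function authorizeApiKey(header, requiredScopes, keys = SAMPLE_KEYS) {
  const token = parseBearer(header);
  const record = token && token.startsWith(API_KEY_PREFIX) ? keys.get(token) : undefined;
  if (!record) {
    // No credential, wrong shape, or unknown key: the caller is not authenticated.
    return { status: 401, error: "Missing or invalid authentication" };
  }
  // Assumption: exact-match scopes, so orders:write does not grant orders:read.
  const missing = requiredScopes.filter((s) => !record.scopes.includes(s));
  if (missing.length > 0) {
    // The key is valid but under-scoped: 403, and the gap is reported.
    return { status: 403, error: "Lacking required scope/permission", missing };
  }
  // Auth context for API-key auth: organizationId set, user.id undefined.
  return {
    status: 200,
    context: { organizationId: record.organizationId, user: { id: undefined } },
  };
}
```
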