Authentication
How to authenticate with the HedgeEm API using Supabase JWTs.
All endpoints except GET /api/health require a valid Supabase JWT passed as a
Bearer token in the Authorization header.
Authorization: Bearer <your-supabase-jwt>
Authentication is currently in stub mode (HEDGE-31). Any Bearer token is accepted. Real Supabase JWT verification will be added when HEDGE-31 is implemented.
Testing in the Mintlify playground
When you open an endpoint in the API Reference and click Try it, the playground
shows an Authorization input field. In stub mode, enter any non-empty value —
for example test — and click Send.
1. Open an endpoint
   Navigate to any endpoint in the API Reference (e.g. Game → Deal Hands).
2. Enter a token
   In the Authorization field, type any value such as test.
   The playground will send Authorization: Bearer test.
3. Send the request
   Fill in any required body fields and click Send. You should receive a 200 response.
Obtaining a token
Sign in via the Supabase Auth API for your project:
curl -X POST "https://your-project.supabase.co/auth/v1/token?grant_type=password" \
  -H "apikey: your-supabase-anon-key" \
  -H "Content-Type: application/json" \
  -d '{"email": "player@example.com", "password": "your-password"}'
The response includes an access_token; use this as your Bearer token.
Token lifetime
Supabase JWTs are valid for 1 hour by default. The game client should handle token refresh automatically using the Supabase JS client.
Error response
If the token is missing or invalid, the API returns:
{
  "error": "Missing or invalid Authorization header."
}
With HTTP status 401 Unauthorized.
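For contrast with stub mode, here is a sketch of the checks a real verifier performs before returning anything other than the 401 above. It is an added example, not HedgeEm's code. It assumes HS256 tokens signed with a shared project JWT secret and an aud claim of authenticated; verify_bearer, make_token and the sample secret are hypothetical.

```python
import base64, hashlib, hmac, json, time

# Error body and status the page documents for a missing or invalid token.
UNAUTHORIZED = (401, {"error": "Missing or invalid Authorization header."})

def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def verify_bearer(header, secret: bytes, now=None, audience="authenticated"):
    """Return (200, claims) for a valid token, else the documented 401."""
    now = time.time() if now is None else now
    scheme, _, token = (header or "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return UNAUTHORIZED
    head_b64, body_b64, sig_b64 = token.split(".")
    try:
        head = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return UNAUTHORIZED
    # Pin the algorithm: the token's own header must not choose it (e.g. "none").
    if not isinstance(head, dict) or head.get("alg") != "HS256":
        return UNAUTHORIZED
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(secret, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return UNAUTHORIZED
    # Signature is good; now enforce audience and expiry.
    if not isinstance(claims, dict) or claims.get("aud") != audience:
        return UNAUTHORIZED
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return UNAUTHORIZED
    return 200, claims

def make_token(claims: dict, secret: bytes, alg="HS256") -> str:
    """Build a constructed test token (sample input, not a real Supabase token)."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"
```

With this check in place, the playground value Bearer test is rejected because it is not a three-part signed token, and an expired or wrongly signed token gets the same 401 body.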