Authentication

All API requests require a valid Supabase JWT token in the Authorization header:
curl -H "Authorization: Bearer <your-jwt-token>" \
  https://api.apol.dev/api/v1/agent/sessions

Obtaining a Token

Tokens are obtained through Supabase Auth:
  1. Log in via Supabase Auth (email/password)
  2. Receive access token and refresh token
  3. Include the access token in all API requests
  4. Refresh tokens automatically when they expire

Token Validation

The backend validates tokens using the Supabase JWT secret. Invalid or expired tokens return:
{
  "detail": "Invalid or expired token",
  "status_code": 401
}
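
The check described above, sketched as an added example (not the service's own backend code). It assumes tokens are signed with HS256 using the shared JWT secret; the function names and the sample secret are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

REJECT = {"detail": "Invalid or expired token", "status_code": 401}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret, alg="HS256"):
    """Build a constructed test token; stands in for one issued at login."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(hs256(header + '.' + payload, secret))}"

def validate(token, secret, now=None):
    """Return (200, claims) or (401, REJECT); every failure looks the same."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm server-side; never let the token header choose it.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return 401, REJECT
        # Verify the signature before trusting anything in the payload.
        expected = hs256(header_b64 + "." + payload_b64, secret)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return 401, REJECT
        claims = json.loads(b64url_decode(payload_b64))
        exp = claims.get("exp")
        # A token without a numeric exp is treated as expired.
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            return 401, REJECT
        return 200, claims
    except (ValueError, TypeError, AttributeError):
        return 401, REJECT

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value, not a real key
    token = make_token({"sub": "user-1", "exp": int(time.time()) + 3600}, secret)
    print(validate(token, secret))
    print(validate(token, b"some-other-secret"))
```

In a real service, use a maintained JWT library with the accepted algorithm list set explicitly; the point here is the order of checks and the single, uniform 401 body.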

Feature Guards

Some endpoints are protected by feature guards. If a feature is disabled for your team, the endpoint returns:
{
  "detail": "Feature not available",
  "status_code": 403
}

Organization Context

Most endpoints require an organization context, passed via the X-Organization-ID header or inferred from the authenticated user’s active organization.