Recuvix
Docsv1.0
← Back to App
Systems v1.0 Operational

CORE

POST/api/blog/generatePOST/api/outline/generatePOST/api/titles/suggest

SEO

POST/api/seo/meta

VOICE

POST/api/voice/transcribe

Authentication

All Recuvix API requests require authentication via a JSON Web Token (JWT).

How it works

Recuvix uses Supabase Auth for identity management. Every request to a protected endpoint must include an Authorization header with your session's JWT.

bash

Getting a token

There are several ways to retrieve your JWT depending on your environment:

1

Client-side (Browser)

If you are calling the API from a browser where the user is already logged in, use the Supabase client:

typescript
2

Server-side (Node.js)

For server-to-server calls, you can exchange user credentials for a session or use a service role key if performing administrative tasks.

typescript
JWT tokens expire after 1 hour. Ensure your client handles token refreshing automatically via supabase.auth.refreshSession().

API Keys (BYOK)

For generation-related endpoints, you must also provide your LLM API key in the request body. This is distinct from the Authorization header.

json

Security Note

Never expose your Supabase Service Role Key or your LLM API Keys on the client-side. Always use environment variables and server-side proxies for production applications.