Skip to main content
The SupaProxy API is a REST API served by the Hono backend. All endpoints are under /api/* except for the health check.

Base URL

https://your-instance:3001

Authentication

Most endpoints require authentication via a session cookie. The cookie is set on login or signup. 
Cookie: supaproxy_session=<JWT>
The JWT is httpOnly and secure in production. It contains the user ID, email, name, and role.

Public endpoints (no auth required)

EndpointDescription
GET /healthServer health check
POST /api/signupCreate account
POST /api/auth/loginSign in
GET /api/auth/sessionCheck session (returns null if unauthenticated)
GET /api/auth/logoutSign out
GET /api/modelsList available models

Protected endpoints

All other endpoints require the supaproxy_session cookie. Requests without a valid session receive 401 Unauthorized.

Request format

  • Request bodies are JSON (Content-Type: application/json)
  • All request bodies are validated with Zod schemas
  • Invalid requests return 400 with field-level error details

Response format

Successful responses return JSON. Common patterns: 
// Status response
{"status": "ok"}

// Data response
{"workspaces": [...]}

// Error response
{"error": "Workspace not found"}

Error codes

CodeMeaning
400Invalid request body (validation failed)
401Not authenticated
403Not authorised
404Resource not found
409Conflict (e.g. duplicate channel binding)
500Internal server error (details logged server-side)