TODO: Authentication Method

Team Input Needed: We need to document the actual authentication method used by api.ipster.com.
Questions for the team:
  1. Do we use Bearer tokens? JWT? API keys? Supabase auth?
  2. Where do developers get their tokens/keys?
  3. How do tokens expire and refresh?
  4. What’s the token format and where to include it in requests?

TODO: Permission Levels

Questions for the team:
  1. What are the different permission levels? (Admin, User, Client, etc.)
  2. Which endpoints require which permissions?
  3. How do we handle organization-level permissions?
  4. Do we have role-based access control (RBAC)?

TODO: Example Request

Once we know the auth method, we’ll add examples like:
// TODO: Replace with actual auth method
const response = await fetch('https://api.ipster.com/v1/agents', {
  headers: {
    'Authorization': 'Bearer YOUR_TOKEN_HERE', // TODO: Confirm format
    'Content-Type': 'application/json'
  }
});

TODO: Error Responses

Questions for the team:
  1. What error codes do we return for auth failures? (401, 403, etc.)
  2. What’s the error response format?
  3. Do we have specific error messages for different auth scenarios?

TODO: Security Best Practices

Questions for the team:
  1. Any rate limiting on authentication endpoints?
  2. Token storage recommendations for frontend?
  3. CORS configuration details?
  4. Any IP restrictions or other security measures?