Authentication

All DataKubo API endpoints under /api/v1/ require authentication. Two methods are supported — API key and JWT bearer token.

API Key (recommended)

The simplest way to authenticate. Your API key is generated automatically on signup.

curl -H "X-API-Key: dk_live_abc123..." \
  https://api.datakubo.com/api/v1/devices

Find your API key in Settings → API in the admin dashboard.

💡

API key authentication is recommended for server-to-server integrations, webhooks, and scripts.

JWT Bearer Token

For browser-based applications and user-specific access, use a Supabase JWT token:

curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  https://api.datakubo.com/api/v1/devices

JWT tokens are obtained through the Supabase Auth flow (magic link or Google OAuth).

Authentication order

When both headers are present, the API tries authentication in this order:

X-API-Key header — checked first
Authorization: Bearer header — checked if no API key

Public endpoints

These endpoints do not require authentication:

Endpoint	Description
`/health`	Health check
`/ping`	Ping/pong
`/docs`	Swagger UI
`/redoc`	ReDoc UI
`/openapi.json`	OpenAPI specification

Multi-tenant security

Every authenticated request is scoped to your organization. You can only access devices, customers, and data that belong to your organization. This is enforced at both the API level and the database level (Row Level Security).

⚠️

Never expose your API key in client-side code. Use it only in server-to-server contexts.

Next steps

API Reference — explore all endpoints
Quick Start — set up your first integration