Skip to main content

Authentication

Finindex uses JWT-based authentication via Supabase Auth, shared with the Cutmake API. Obtain an access_token, send it as a Bearer token on every request, and refresh it before it expires.

Login

Login is form-encoded (application/x-www-form-urlencoded) with username and password fields. The username field is the user’s email address.
username
string
required
User’s email address
password
string
required
User’s password
Response (200):

Refresh

Exchange a valid refresh_token for a new access_token.
refresh_token
string
required
The refresh token issued at login
Response (200):

Using the Token

Send the access token as a Bearer token on every authenticated request:
Store the refresh_token securely and call POST /auth/refresh when the access token nears expiry rather than re-prompting for credentials.
Requests without a valid Bearer token return 401 Unauthorized. Requests for resources outside your organization return 403 Forbidden.