The Millenium Potters API uses a hybrid authentication system: JWT-based email/password login and Google OAuth via Supabase. Both paths end in the same bearer-token and session model described below.

Authentication Methods

The API supports two authentication methods:
  1. Email/Password Authentication: traditional login with an email address and password; a successful login returns a JWT access token
  2. Supabase OAuth: Google sign-in handled through Supabase's OAuth flow

Token Management

When you authenticate successfully, you receive:
  • Access Token: sent with every API request; expires 7 days after it is issued
  • Refresh Token: exchanged for a new access token when the current one expires; it is a long-lived credential, so store it as carefully as a password

Authentication Header Format

All authenticated requests must include the access token in the Authorization header:
Authorization: Bearer <your_access_token>
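The following is an added example of what the server does with that header, not the Millenium Potters API's own code. The page only says access tokens are JWTs, so the signing scheme (HS256 with a shared secret), the `exp` and `sub` claim names, and all function names here are assumptions for illustration. The checks run in the order a practitioner would want: header present, scheme is `Bearer`, three segments, the `alg` is the one we expect (which rejects `alg: none` and algorithm confusion), signature verified with a constant-time compare, and `exp` still in the future; anything else is reported as 401, matching the error table further down.

```python
"""Validate the Authorization header and the JWT it carries.

Added example; this is not the Millenium Potters API's own code. The page
only says access tokens are JWTs, so the signing scheme (HS256 with a shared
secret), the ``exp``/``sub`` claim names and the helper names here are
assumptions made for illustration.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

EXPECTED_ALG = "HS256"  # assumed; a real deployment pins whatever it actually issues


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes, alg: str = EXPECTED_ALG) -> str:
    """Mint an HMAC-SHA256-signed JWT so the example runs end to end offline.

    The ``alg`` parameter only controls what the header claims; it exists so
    the demo can show a token whose header lies about its algorithm.
    """
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def authenticate(authorization: Optional[str], secret: bytes,
                 now: Optional[float] = None) -> Tuple[int, object]:
    """Return (200, claims) for a valid token, otherwise (401, reason).

    Scheme names are case-insensitive per RFC 7235, so ``bearer`` is accepted;
    ``Basic`` and bare tokens are not.
    """
    if not authorization:
        return 401, "missing Authorization header"
    parts = authorization.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return 401, "expected 'Authorization: Bearer <token>'"
    segments = parts[1].strip().split(".")
    if len(segments) != 3:
        return 401, "malformed token"
    head_b64, body_b64, sig_b64 = segments
    try:
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(body_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON/UTF-8
        return 401, "malformed token"
    # Pin the algorithm before touching the signature: never trust the header's alg.
    if not isinstance(header, dict) or header.get("alg") != EXPECTED_ALG:
        return 401, "unexpected signing algorithm"
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return 401, "bad signature"
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)):
        return 401, "token has no usable exp claim"
    current = time.time() if now is None else now
    if current >= claims["exp"]:
        return 401, "token expired"
    return 200, claims


if __name__ == "__main__":
    # Constructed demo values: the secret and user id are made up.
    secret = b"example-signing-secret"
    issued = 1_700_000_000
    token = issue_token({"sub": "user-123", "exp": issued + 7 * 86400}, secret)
    print(authenticate(f"Bearer {token}", secret, now=issued + 60))
    print(authenticate(f"Bearer {token}", secret, now=issued + 8 * 86400))
    print(authenticate("Basic dXNlcjpwYXNz", secret, now=issued))
```

Note that a signature check alone cannot honour a revoked session: a correctly signed JWT stays valid until its `exp`, which here is 7 days out. Whatever the real service uses to revoke sessions has to be consulted on each request in addition to this check.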

Session Management

  • Maximum of 3 active sessions per user
  • Sessions expire 7 days after they are created
  • Logging in while 3 sessions are already active automatically revokes the oldest one
  • Each session records the IP address and user agent it was created from, so sessions can be told apart when they are listed
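An added example that models these rules in code; it is not the Millenium Potters API's own implementation. The in-memory store, the random session id, and the method names are assumptions; the rules themselves (3 active sessions per user, 7-day lifetime, oldest revoked on overflow, IP address and user agent recorded per session, expired sessions cleaned up) are the ones stated on this page.

```python
"""Model of the session rules: 3 active sessions per user, 7-day lifetime,
oldest revoked on overflow, IP address and user agent recorded per session.

Added example; not the Millenium Potters API's own code. The in-memory
store, the random session id and the method names are assumptions; the
rules themselves come from the page.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

MAX_ACTIVE_SESSIONS = 3
SESSION_TTL_SECONDS = 7 * 24 * 60 * 60


@dataclass
class Session:
    session_id: str
    user_id: str
    ip_address: str
    user_agent: str
    created_at: float
    expires_at: float
    revoked: bool = False

    def is_active(self, now: float) -> bool:
        return not self.revoked and self.expires_at > now


class SessionStore:
    """In-memory store; a real service would back this with a database."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def list_active(self, user_id: str, now: float) -> List[Session]:
        """Active sessions for one user, oldest first (the revocation order)."""
        return sorted(
            (s for s in self._sessions.values()
             if s.user_id == user_id and s.is_active(now)),
            key=lambda s: s.created_at,
        )

    def create(self, user_id: str, ip_address: str, user_agent: str,
               now: float) -> Session:
        """Open a session at login, revoking the oldest ones if the cap is hit."""
        self.cleanup_expired(now)
        active = self.list_active(user_id, now)
        while len(active) >= MAX_ACTIVE_SESSIONS:
            active.pop(0).revoked = True  # oldest goes first
        session = Session(
            session_id=secrets.token_urlsafe(32),  # unguessable id (assumed scheme)
            user_id=user_id,
            ip_address=ip_address,
            user_agent=user_agent,
            created_at=now,
            expires_at=now + SESSION_TTL_SECONDS,
        )
        self._sessions[session.session_id] = session
        return session

    def validate(self, session_id: str, now: float) -> Optional[Session]:
        """Per-request check; returns None for unknown, revoked or expired ids."""
        session = self._sessions.get(session_id)
        if session is None or not session.is_active(now):
            return None
        return session

    def revoke(self, session_id: str, user_id: str) -> bool:
        """Revoke one session (logout). The owner check stops a user from
        revoking someone else's session by guessing or leaking its id."""
        session = self._sessions.get(session_id)
        if session is None or session.user_id != user_id or session.revoked:
            return False
        session.revoked = True
        return True

    def cleanup_expired(self, now: float) -> int:
        """Drop sessions past their expiry; returns how many were removed."""
        expired = [sid for sid, s in self._sessions.items() if s.expires_at <= now]
        for sid in expired:
            del self._sessions[sid]
        return len(expired)


if __name__ == "__main__":
    # Constructed demo: four logins for one user, showing the oldest being revoked.
    store, t0 = SessionStore(), 1_700_000_000.0
    first = store.create("user-123", "203.0.113.5", "curl/8.4", t0)
    store.create("user-123", "203.0.113.5", "Firefox/120", t0 + 1)
    store.create("user-123", "198.51.100.7", "Safari/17", t0 + 2)
    store.create("user-123", "198.51.100.7", "Chrome/120", t0 + 3)
    print("first session still valid:", store.validate(first.session_id, t0 + 4) is not None)
    for s in store.list_active("user-123", t0 + 4):
        print(s.ip_address, s.user_agent)
```

The important operational point is that `validate` must run on every authenticated request. A signed access token is self-contained and stays cryptographically valid until its own expiry, so revoking the oldest session only takes effect if the server looks the session up rather than trusting the token alone. How the session id is tied to the access token (for example, as a claim inside the JWT) is not stated on this page and is left open here.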

Authentication Endpoints

Login

Authenticate with email and password

Logout

Revoke your current session

Password Reset

Request a password reset link

Error Responses

Authentication endpoints return standard error responses:
  • 401 Unauthorized: invalid credentials, or a missing, invalid or expired token
  • 403 Forbidden: the account is inactive, or it lacks the permission the request needs
  • 503 Service Unavailable: the system is in maintenance mode; returned to non-admin users only, so administrators can still sign in

Security Features

  • Password requirements: at least 8 characters, including one uppercase letter, one lowercase letter and one digit
  • Expired sessions are cleaned up automatically
  • Protected super admin accounts cannot be impersonated, and their passwords cannot be changed
  • Failed login attempts are tracked
  • Users can view all of their sessions and revoke any one of them individually
