API authentication
How to authenticate storefront, customer, and creator API calls.
1 min read · Updated 2026-05-10
AI explanation
This article explains Salvya API authentication using Supabase session cookies, the auth probe endpoint, and creator session requirements.
- Browser clients use HttpOnly session cookies after sign-in
- GET /api/auth/me returns the signed-in profile
- Creator routes require an approved creator session
- Never expose session tokens in client-side logs or public repos
Session probe
```http
GET /api/auth/me
```

Returns the current user, roles, and session metadata.
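One way to follow the rule about keeping session tokens out of logs when debugging calls such as the probe above, as an added example that is not Salvya's own code: scrub session cookies and bearer tokens from a header object before it is logged. It assumes the cookies use the Supabase SSR default name `sb-<project-ref>-auth-token` (optionally chunked); the project ref, `X-Debug` header, and token values are constructed.

```javascript
// Added example: scrub session material from headers before they reach a log.
// Assumption: cookies use the Supabase SSR default name "sb-<project-ref>-auth-token",
// optionally split into ".0", ".1", ... chunks.
const SESSION_COOKIE = /^sb-[a-z0-9]+-auth-token(\.\d+)?$/i;
const JWT = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g;

// Redact the value of one "name=value" pair if the name is a session cookie.
function redactPair(pair) {
  const eq = pair.indexOf("=");
  if (eq === -1) return pair;
  const name = pair.slice(0, eq).trim();
  return SESSION_COOKIE.test(name) ? `${name}=[REDACTED]` : pair;
}

// Cookie: every segment is a name=value pair.
const redactCookie = (v) => v.split(/;\s*/).map(redactPair).join("; ");

// Set-Cookie: only the first segment is the cookie; the rest are attributes.
function redactSetCookie(v) {
  const [first, ...attrs] = v.split(/;\s*/);
  return [redactPair(first), ...attrs].join("; ");
}

function redactHeaders(headers) {
  const out = {};
  for (const [key, raw] of Object.entries(headers)) {
    const k = key.toLowerCase();
    if (k === "authorization") out[key] = String(raw).replace(/^(\S+)\s+.+$/, "$1 [REDACTED]");
    else if (k === "cookie") out[key] = redactCookie(String(raw));
    else if (k === "set-cookie") out[key] = [].concat(raw).map(redactSetCookie);
    // Any other header: still strip anything shaped like a JWT.
    else out[key] = typeof raw === "string" ? raw.replace(JWT, "[REDACTED]") : raw;
  }
  return out;
}

// Constructed sample headers (not real tokens).
const SAMPLE = {
  Cookie: "theme=dark; sb-abcdefghijklmnopqrst-auth-token.0=base64-AAAA; sb-abcdefghijklmnopqrst-auth-token.1=BBBB",
  "Set-Cookie": ["sb-abcdefghijklmnopqrst-auth-token=base64-AAAA; Path=/; HttpOnly; Secure"],
  Authorization: "Bearer eyJhbGci.eyJzdWIi.c2ln",
  "X-Debug": "saw eyJhbGci.eyJzdWIi.c2ln in upstream reply",
  Accept: "application/json",
};

console.log(redactHeaders(SAMPLE));
```

Cookie names and attributes are kept so the log still shows which cookies were sent and how they were scoped; only the values are dropped.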
Creator session
Creator endpoints (`/api/creator/*`) require:
- Valid session
- Approved creator programme status
Integration webhooks
Partner webhook access is limited to approved integrations. Contact the developer portal for partnership enquiries.

