AUTHENTICATION

Two authentication methods. Use whichever fits your integration.

Method 1: Supabase JWT (Dashboard Sessions)

Used automatically by the Qntyx dashboards. When you sign in at app.qntyx.io/login, Supabase issues a JWT that all product APIs accept.

Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

JWTs are short-lived (1 hour) and auto-refresh via the Supabase client library. Best for browser-based access.

Method 2: API Key (Developer Integrations)

For server-to-server, CI/CD, and SDK usage. Create API keys from any product dashboard → API Keys → Create Key.

Authorization: Bearer qntyx_veil_a3f7c2e19b4d5f8e1c2a3b4d5e6f7a8b

Key Format

Part	Example	Description
Prefix	qntyx_	Platform identifier
Product	veil_	Which product this key authenticates
Secret	a3f7c2e1...	32 hex characters of quantum entropy

Security

• Keys are shown once on creation — save immediately
• Only the SHA-256 hash is stored server-side
• Rotate keys regularly via the dashboard or API
• Revoked keys return 401 Unauthorized immediately

Rate Limits

Plan	Requests/minute	Requests/day
Free	60	1,000
Pro / Growth	300	50,000
Enterprise	1,000	Unlimited

Error Codes

Code	Meaning
401	Missing, expired, or revoked token
403	Valid token but feature requires a higher plan
429	Rate limit exceeded