Getting a Test JWT Token

This guide explains how to get a JWT token for testing authenticated endpoints.

Quick Start

  1. Create a test user in Supabase Studio:
     • Open http://127.0.0.1:54323
     • Navigate to Authentication > Users
     • Click Add user (or Invite user)
     • Set an email (e.g., test@example.com)
     • Set a password (e.g., password123)
     • Click Create user

  2. Get the token using the helper script:

    deno run --allow-net --allow-env scripts/get-test-token.ts test@example.com password123

  3. Copy the token from the output and use it:
     • In api.http: Paste the token in the @authToken variable
     • In curl: Use -H "Authorization: Bearer <token>"
     • In code: Use the token in your API client

Alternative: Using Supabase Client

You can also get a token programmatically:

import { createClient } from "@supabase/supabase-js";

const supabase = createClient(
  "http://127.0.0.1:54321",
  "your-anon-key" // Get from: supabase status
);

const { data, error } = await supabase.auth.signInWithPassword({
  email: "test@example.com",
  password: "password123",
});

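if (error) {
  // Sign-in failed (for example wrong credentials, or wrong URL or anon key)
  console.error("Sign-in failed:", error.message);
} else if (data.session) {
  console.log("Token:", data.session.access_token);
}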

Production Token Setup

For production environments, use the production token setup script:

deno task setup:production

This will:

  • Authenticate with production Supabase
  • Get a production JWT token
  • Update api.http with production URLs and token

Usage:

# Interactive (prompts for input)
deno task setup:production

# With arguments
deno task setup:production <email> <password> <project-ref>

# With environment variables
export SUPABASE_URL=https://xxx.supabase.co
export SUPABASE_ANON_KEY=your-anon-key
export SUPABASE_PROJECT_REF=xxx
deno task setup:production <email> <password>

What it does:

  1. Connects to production Supabase
  2. Authenticates with email/password
  3. Gets a JWT access token
  4. Updates api.http with:
     • Production JWT token (@authToken)
     • Production base URL (@baseUrl)
     • Function-specific URLs (@browseUrl, @searchUrl, etc.)

For more details, see Usage Guide.


Testing Without Authentication

For testing public endpoints (GET domains, trails, sparks, etc.), you don't need a token. These endpoints work without authentication:

  • GET /api/v1/domains
  • GET /api/v1/trails
  • GET /api/v1/sparks
  • GET /api/v1/search
  • GET /health

Only endpoints under /api/v1/me/* require authentication.

Troubleshooting

"Invalid JWT" error

  • Make sure the token is valid (not expired)
  • Verify the user exists in Supabase Studio
  • Check that you're using the correct Supabase URL and keys

"Missing authorization header" error

  • This should only happen on authenticated endpoints
  • For public endpoints, try using the dev server (http://localhost:8000) instead of the edge function
  • Make sure you're not sending an empty Authorization header

Token expired

JWT tokens expire after a certain time (default: 1 hour). Simply run the helper script again to get a new token.
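
To check the first cause listed under "Invalid JWT" and the "Token expired" case without pasting the token into a third-party decoder, the payload can be read locally. This is an added example, not part of the project's scripts; `inspectToken` and `makeSampleToken` are hypothetical names, the sample token is constructed, and the signature is not verified.

```typescript
// Added example: read a JWT's claims locally to see whether it has expired.
// This does NOT verify the signature; the server remains the authority.
interface TokenStatus {
  ok: boolean;
  reason: string;
  secondsLeft: number | null;
}

function decodeBase64Url(segment: string): string {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

function inspectToken(token: string, nowSeconds = Math.floor(Date.now() / 1000)): TokenStatus {
  // Accept a pasted "Bearer <token>" header value as well as the bare token.
  const parts = token.trim().replace(/^Bearer\s+/i, "").split(".");
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    return { ok: false, reason: "malformed: expected header.payload.signature", secondsLeft: null };
  }
  let claims: unknown;
  try {
    claims = JSON.parse(decodeBase64Url(parts[1] ?? ""));
  } catch {
    return { ok: false, reason: "malformed: payload is not base64url-encoded JSON", secondsLeft: null };
  }
  const exp = typeof claims === "object" && claims !== null
    ? (claims as Record<string, unknown>)["exp"]
    : undefined;
  if (typeof exp !== "number") {
    return { ok: false, reason: "no numeric exp claim", secondsLeft: null };
  }
  const secondsLeft = exp - nowSeconds;
  return secondsLeft > 0
    ? { ok: true, reason: "not expired", secondsLeft }
    : { ok: false, reason: "expired: run the helper script again", secondsLeft };
}

// Constructed sample token (placeholder signature), for illustration only.
function makeSampleToken(claims: Record<string, unknown>): string {
  const enc = (v: unknown) =>
    btoa(JSON.stringify(v)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({ sub: "constructed-user-id", exp: 1700003600 });
console.log(inspectToken(sample, 1700000000)); // one hour of validity left
console.log(inspectToken(sample, 1700003601)); // past exp
```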