Authentication & Storage

Auth and Storage endpoints are proxied through the control plane to each project’s GoTrue (authentication) and Storage (file management) services. Substitute <PLATFORM_URL> with your Studio app’s base URL (e.g. http://localhost:3001 in dev) and {ref} with your project ref. These endpoints use a different auth scheme than the /api/* AI surface: a signed-in user’s platform JWT, not the project’s Service Role key from the Connect modal.

Common Patterns

For authentication, list users with GET /api/platform/auth/{ref}/users and create them with POST. For storage, list buckets and upload files under /api/platform/storage/{ref}/*. A platform JWT (signed-in user’s access token) is required; service-role bypasses are not available through the proxy. For client-side GoTrue and Storage calls that talk directly to your project (not through this proxy), use the Anon (Publishable) Key from the Connect modal with RLS / Storage policies.

Authentication (via Control Plane)

GET /api/platform/auth//users

List project auth users. Full URL: GET <PLATFORM_URL>/api/platform/auth/{ref}/users

import requests

PLATFORM_URL = "http://localhost:3001"  # your Studio app base
REF = "your-project-ref"

response = requests.get(
    f"{PLATFORM_URL}/api/platform/auth/{REF}/users",
    headers={"Authorization": "Bearer YOUR_PLATFORM_JWT"},
)

POST /api/platform/auth//users

Create an auth user. Full URL: POST <PLATFORM_URL>/api/platform/auth/{ref}/users

requests.post(
    f"{PLATFORM_URL}/api/platform/auth/{REF}/users",
    headers={"Authorization": "Bearer YOUR_PLATFORM_JWT", "Content-Type": "application/json"},
    json={"email": "user@example.com", "password": "securepass"},
)

Storage (via Control Plane)

GET /api/platform/storage//buckets

List storage buckets. Full URL: GET <PLATFORM_URL>/api/platform/storage/{ref}/buckets

response = requests.get(
    f"{PLATFORM_URL}/api/platform/storage/{REF}/buckets",
    headers={"Authorization": "Bearer YOUR_PLATFORM_JWT"},
)

POST /api/platform/storage//object//

Upload a file. Full URL: POST <PLATFORM_URL>/api/platform/storage/{ref}/object/{bucket}/{path}

with open("file.txt", "rb") as f:
    requests.post(
        f"{PLATFORM_URL}/api/platform/storage/{REF}/object/mybucket/file.txt",
        headers={"Authorization": "Bearer YOUR_PLATFORM_JWT"},
        files={"file": f},
    )

Error Responses

Status	Code	Description
401	`unauthorized`	Missing or invalid authentication credentials

​Common Patterns

​Authentication (via Control Plane)

​GET /api/platform/auth//users

​POST /api/platform/auth//users

​Storage (via Control Plane)

​GET /api/platform/storage//buckets

​POST /api/platform/storage//object//

​Error Responses