Skip to content

API Key Authentication Guide

Problem

When using Supabase REST API directly with custom API keys (cg_...), you may encounter this error:

{
 "message": "No API key found in request",
 "hint": "No `apikey` request header or url param was found."
}

Root Cause

Supabase REST API only accepts Supabase's own API keys (anon or service_role keys), not custom API keys. Custom API keys (cg_...) are only supported in Edge Functions.

Solutions

For direct REST API calls, use the Supabase anon key with the apikey header (lowercase):

curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/rest/v1/contacts?first_name=ilike.*John*' \
 --header 'apikey: YOUR_SUPABASE_ANON_KEY' \
 --header 'Authorization: Bearer YOUR_SUPABASE_ANON_KEY'

Note: Replace YOUR_SUPABASE_ANON_KEY with your actual Supabase anon key from the Supabase Dashboard → Settings → API.

We've created a proxy Edge Function that allows you to use custom API keys (cg_...) with REST API endpoints.

Base URL: https://txpaxbxhnvnhsjwwaeoy.supabase.co/functions/v1/rest-api-proxy

Example:

# Instead of:
curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/rest/v1/contacts?first_name=ilike.*John*' \
 --header 'X-API-Key: cg_your_api_key_here'

# Use:
curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/functions/v1/rest-api-proxy/contacts?first_name=ilike.*John*' \
 --header 'X-API-Key: cg_your_api_key_here'

Supported Query Parameters:

  • select - Specify columns to return: ?select=id,first_name,last_name
  • order - Order results: ?order=created_at.desc
  • Filter operators:
  • ?first_name=eq.John - Equals
  • ?first_name=ilike.*John* - Case-insensitive like (use * for wildcards)
  • ?age=gt.18 - Greater than
  • ?age=gte.18 - Greater than or equal
  • ?age=lt.65 - Less than
  • ?age=lte.65 - Less than or equal
  • ?tags=contains.["tag1","tag2"] - Contains array
  • ?id=in.uuid1,uuid2 - In array
  • limit - Limit results: ?limit=50
  • offset - Pagination: ?offset=100

Example Queries:

# Search contacts by name
curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/functions/v1/rest-api-proxy/contacts?first_name=ilike.*John*' \
 --header 'X-API-Key: cg_...'

# Get conversations with pagination
curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/functions/v1/rest-api-proxy/conversations?limit=20&offset=0&order=last_message_at.desc' \
 --header 'X-API-Key: cg_...'

# Get specific columns only
curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/functions/v1/rest-api-proxy/contacts?select=id,first_name,last_name,phones' \
 --header 'X-API-Key: cg_...'

Option 3: Use Edge Functions (For Complex Operations)

For more complex operations, use Edge Functions that support custom API keys:

# Example: Insert message
curl --location 'https://txpaxbxhnvnhsjwwaeoy.supabase.co/functions/v1/insert-message' \
 --header 'X-API-Key: cg_your_api_key_here' \
 --header 'Content-Type: application/json' \
 --data '{
 "phone": "+1234567890",
 "content": "Hello from API",
 "direction": "outgoing"
 }'

Key Differences

Method Header Name Key Type Use Case
Supabase REST API apikey (lowercase) Supabase anon key Direct database access
REST API Proxy X-API-Key Custom cg_... key External API access
Edge Functions X-API-Key Custom cg_... key Complex operations

Security Notes

  1. Custom API keys are scoped to your organization and respect Row Level Security (RLS) policies
  2. Supabase anon key has broader access but is still limited by RLS policies
  3. Always use HTTPS in production
  4. Never expose your Supabase service_role key in client-side code

Troubleshooting

Error: "No API key found in request"

  • Cause: Using wrong header name or missing header
  • Fix: Use apikey (lowercase) for Supabase REST API, or X-API-Key for proxy/edge functions

Error: "Invalid or expired API key"

  • Cause: API key is invalid, expired, or inactive
  • Fix: Generate a new API key from Settings → API Keys

Error: "Invalid URL format"

  • Cause: Incorrect proxy URL format
  • Fix: Use format: /rest-api-proxy/<table_name>?<query_params>

Getting Your Supabase Anon Key

  1. Go to Supabase Dashboard
  2. Select your project
  3. Go to Settings → API
  4. Copy the anon public key

Generating Custom API Keys

  1. Log into ConnectGain
  2. Go to Settings → API Keys
  3. Click "Generate API Key"
  4. Save the key immediately (it's only shown once)