
Authentication

DalyAPI uses JWT bearer tokens for protected endpoints.

Flow 1: API Key Exchange

Use the workspace and user API keys to request a JWT.
Endpoint: POST /auth/token
Request body:
{
  "workspace_id": "WORKSPACE_API_KEY",
  "user_id": "USER_API_KEY"
}
Returns:
{
  "result": "success",
  "token": "<jwt>"
}

Flow 2: Supabase Exchange

If your client already has a Supabase token:
  1. GET /auth/workspaces to list accessible workspaces
  2. POST /auth/exchange-supabase with the chosen workspace_id
Both endpoints require:
Authorization: Bearer <supabase-access-token>

Use the Daly JWT

For protected routes:
Authorization: Bearer <daly-jwt>
Example:
curl -sS "$DALY_API_BASE_URL/tasks" \
  -H "Authorization: Bearer $DALY_TOKEN"

JWT Claims (Server-Validated)

Core claims used by API dependencies:
  • workspace_id
  • user_id
  • organization_id (optional)
  • workspace_role (optional, refreshed from DB)
Keep API keys and JWTs server-side where possible. Workspace and user API keys are long-lived credentials.