Authentication

SendHub uses the Supabase client for all API access. Your API secret key is created in the SendHub dashboard and automatically scopes all queries to your organization via row-level security.

Quick Start

Your API Secret Key is available in the SendHub dashboard under API Keys. That’s the only credential you need.

Keep your secret key safe. This key grants full access to your organization’s data. Never expose it in client-side code, public repositories, or browser bundles. Store it in an environment variable (.env file with .gitignore) or a secrets manager like Google Cloud Secret Manager, AWS Secrets Manager, or Doppler. For client-side apps where users authenticate themselves, see Client-Side API — no secret key needed.

import { createClient } from '@supabase/supabase-js'

const API_SECRET_KEY = 'your-api-secret-key' // from Dashboard → API Keys

const sendhub = createClient(
  'https://noddeqgxbyujhpqxezbg.supabase.co',
  'sb_publishable_YVA7_HVuhhguR-OVA-LZPg_ecJF2CY2',
  { global: { headers: {
    Authorization: `Bearer ${API_SECRET_KEY}`
  }}}
)

// All queries are scoped to your org automatically
const { data } = await sendhub.from('conversations').select('*')

Python

from supabase import create_client, ClientOptions

API_SECRET_KEY = "your-api-secret-key"  # from Dashboard → API Keys

sendhub = create_client(
    "https://noddeqgxbyujhpqxezbg.supabase.co",
    "sb_publishable_YVA7_HVuhhguR-OVA-LZPg_ecJF2CY2",
    options=ClientOptions(
        headers={"Authorization": f"Bearer {API_SECRET_KEY}"}
    )
)

data = sendhub.table("conversations").select("*").execute()

cURL / Any HTTP Client

curl 'https://noddeqgxbyujhpqxezbg.supabase.co/rest/v1/conversations?select=*' \
  -H 'apikey: sb_publishable_YVA7_HVuhhguR-OVA-LZPg_ecJF2CY2' \
  -H 'Authorization: Bearer your-api-secret-key'

Enterprise / Self-hosted

Enterprise customers with their own Supabase project need all three credentials from their project settings:

const PROJECT_URL = 'your-project-url'
const ANON_KEY = 'your-anon-key'
const API_SECRET_KEY = 'your-api-secret-key'

const sendhub = createClient(
  PROJECT_URL, ANON_KEY,
  { global: { headers: {
    Authorization: `Bearer ${API_SECRET_KEY}`
  }}}
)

Client-Side Alternative

Building a browser app or dashboard? You don’t need an API secret key at all — users authenticate themselves via Google or email. See Client-Side API for the full guide and a comparison of both approaches.

Role-Based Access

RoleConversationsContactsChannelsSettingsBilling
OwnerFullFullFullFullFull
AdminFullFullFullFullFull
AgentRead/WriteRead/WriteReadRead
API Secret KeyFullFullReadRead
Previous ← Overview Next Client-Side API →