API Authentication | Track Link

Overview

The Track Link API uses Bearer token authentication. All API requests must include a valid access token in the Authorization header.

Getting Your Access Token

Track Link uses Supabase for authentication. When you log in through the web interface, a JWT access token is generated. For API access, you can obtain this token from your browser's localStorage after logging in.

Note: API keys for programmatic access are coming soon. For now, use the JWT token from your authenticated session.

Making Authenticated Requests

Include the token in the Authorization header:

curl -X GET "https://api.gettrack.link/api/links" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Token Expiration

Access tokens expire after 1 hour. The Supabase client automatically refreshes tokens when using the web interface. For API access, you'll need to refresh the token before it expires.

Error Responses

401 Unauthorized

Returned when the token is missing, invalid, or expired.

{
  "statusCode": 401,
  "message": "Unauthorized",
  "error": "Invalid or expired token"
}

403 Forbidden

Returned when you don't have permission for the requested resource.

{
  "statusCode": 403,
  "message": "Forbidden",
  "error": "You do not have access to this resource"
}

JavaScript Example

const API_URL = 'https://api.gettrack.link';

async function fetchLinks(token) {
  const response = await fetch(`${API_URL}/api/links`, {
    headers: {
      'Authorization': `Bearer ${token}`,
      'Content-Type': 'application/json',
    },
  });

  if (!response.ok) {
    throw new Error('Failed to fetch links');
  }

  return response.json();
}