Email and password sign-in
const url = 'https://example.com/api/auth/login';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"email":"hello@example.com","password":"example"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/auth/login \ --header 'Content-Type: application/json' \ --data '{ "email": "hello@example.com", "password": "example" }'Supabase password grant. Allowed only from trusted frontend origins (same allowlist as magic link). Magic link remains the default UX; password is optional for accounts that have one.
Request Body required
Section titled “Request Body required ”object
Responses
Section titled “ Responses ”Access and refresh tokens
object
object
Invalid request
object
Human-readable error message
Stable machine-readable error code for client branching
First validation message per field path
object
Structured validation issues (Zod)
object
Seconds until rate limit resets (429 responses)
Not authenticated
object
Human-readable error message
Stable machine-readable error code for client branching
First validation message per field path
object
Structured validation issues (Zod)
object
Seconds until rate limit resets (429 responses)
True if re-linking GitHub may fix the issue
Forbidden
object
Human-readable error message
Stable machine-readable error code for client branching
First validation message per field path
object
Structured validation issues (Zod)
object
Seconds until rate limit resets (429 responses)
Rate limited