HTTP reference
API — Authentication & session helpers
Route Handlers under src/app/api. Non-public routes expect a Supabase session cookie. Admin routes also require profiles.role = admin.
PublicCallable without a session where the handler allows it.Signed inRequires a signed-in user.AdminAdmin role on your profile.
| Methods | Path | Access | Summary |
|---|---|---|---|
| POST | /api/auth/login | Public | Email/password sign-in; sets session cookies. |
| POST | /api/auth/logout | Public | Clear Supabase session cookies. |
| GET | /api/auth/session | Public | Lightweight session probe for the client. |
| POST | /api/auth/email-registered | Public | Check whether an email is already registered (signup UX). |
| POST | /api/auth/update-password | Public | Complete password reset when recovery session is present.Typically used after magic link / recovery flow. |
| PATCH | /api/auth/me | Signed in | Update lightweight auth-adjacent profile fields (e.g. UI language). |