Overview
The Thrust API uses JWT tokens or an API key for authentication. Most endpoints require a valid JWT token passed as a Bearer token in the Authorization header.
Getting a JWT Token
To authenticate with the Thrust API, you need to:
Create a Thrust identity or log in through the Thrust application at onthrust.com
Hover over your username in the top right corner at onthrust.com and click the API Key to copy it.
Include the API key in the Authorization header of all API requests as Bearer API_KEY
Authentication Flow
Using the API Key
Include your API key in the Authorization header of every API request:
```bash
curl -X POST "https://yppncslmsswqydhhgygz.supabase.co/functions/v1/get-tokens" \
  -H "Authorization: Bearer API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "filter": "trending",
    "limit": 20
  }'
```
Using the Token
Include your JWT token in the Authorization header of every API request:
```bash
curl -X POST "https://yppncslmsswqydhhgygz.supabase.co/functions/v1/get-tokens" \
  -H "Authorization: Bearer JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "filter": "trending",
    "limit": 20
  }'
```
The header carries the raw JWT:
```
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
```
Token Claims
The JWT token contains the following claims:

| Claim | Description |
|-------|-------------|
| sub | User ID (used throughout the API) |
| iat | Issued-at timestamp |
| exp | Expiration timestamp |
| iss | Token issuer (Ory) |
Authentication Examples
JavaScript/TypeScript
```javascript
const fetchWithAuth = async (endpoint, data) => {
  const token = localStorage.getItem('jwt_token');
  const response = await fetch(
    `https://yppncslmsswqydhhgygz.supabase.co/functions/v1/${endpoint}`,
    {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${token}`,
        'Content-Type': 'application/json'
      },
      body: JSON.stringify(data)
    }
  );
  return response.json();
};

// Example usage
const tokens = await fetchWithAuth('get-tokens', {
  filter: 'trending',
  limit: 20
});
```
Token Lifecycle
Token Expiration
JWT tokens expire after a set period. When a token expires:
The API returns a 401 Unauthorized error
Error message: "Invalid or expired authentication token"
Your application should refresh the token or prompt re-authentication
Handling Expired Tokens
```javascript
const apiCall = async (endpoint, data) => {
  let response = await fetchWithAuth(endpoint, data);
  if (response.error && response.error.includes('expired')) {
    // Refresh token or re-authenticate (refreshToken is your application's own routine)
    await refreshToken();
    // Retry request
    response = await fetchWithAuth(endpoint, data);
  }
  return response;
};
```
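The retry above only reacts after a 401. The following added example (not code from the Thrust docs) goes one step further: it reads the `exp` claim listed under Token Claims to refresh shortly before expiry, and retries at most once on the documented "Invalid or expired authentication token" response so a rejected token can never cause a retry loop. It assumes Node.js (`Buffer`) and hypothetical `getToken`, `refresh` and `request` hooks supplied by your application.

```javascript
// Added example, not from the Thrust docs. Decoding the payload here is NOT
// validation: only the server verifies the signature (see "Validate on the server").

// Returns the JWT payload (sub, iat, exp, iss, ...) without checking the signature.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// True when the token has expired or will within skewSeconds (clock-drift margin).
function isExpiringSoon(token, skewSeconds = 60, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { exp } = decodeJwtPayload(token);
  if (!Number.isInteger(exp)) return true; // no usable exp claim: treat as expired
  return exp - nowSeconds <= skewSeconds;
}

// Hypothetical hooks: request(endpoint, data, token) -> { status, body };
// refresh() -> new token; getToken() -> current token.
// Refreshes proactively, then at most once more on the expired-token 401,
// so a persistently rejected token cannot cause an endless retry loop.
async function callWithRefresh(endpoint, data, { getToken, refresh, request }) {
  let token = getToken();
  if (isExpiringSoon(token)) token = await refresh();
  let res = await request(endpoint, data, token);
  const err = (res.body && res.body.error) || '';
  if (res.status === 401 && /expired/i.test(err)) {
    token = await refresh();
    res = await request(endpoint, data, token);
  }
  return res;
}

// Constructed sample token for demonstration: real header/payload encoding,
// placeholder signature (the API would reject it; it is only decoded here).
function makeSampleJwt(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.placeholder-signature`;
}
```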
Optional Authentication
Some endpoints support optional authentication:
/get-tokens - Returns public token data, with user-specific vote data if authenticated
/get-posts - Shows public posts, with user votes if authenticated
/get-topics - Returns topics, with user-specific data if authenticated
For these endpoints, you can make requests without a token, but you’ll receive limited data.
Security Best Practices
Never expose your JWT tokens in client-side code, public repositories, or logs.
Recommended Practices
Store tokens securely
Use secure storage (localStorage with encryption, or httpOnly cookies)
Never commit tokens to version control
Implement token refresh
Refresh tokens before they expire
Handle token expiration gracefully
Use HTTPS only
Always use HTTPS for API requests
Tokens sent over HTTP can be intercepted
Validate on the server
The API validates all tokens server-side
Never trust client-side validation alone
Common Authentication Errors
| Status Code | Error Message | Solution |
|-------------|---------------|----------|
| 401 | Missing authorization header | Include the Authorization: Bearer {token} header |
| 401 | Invalid or expired authentication token | Refresh your token or re-authenticate |
| 401 | No user ID in token | Token is malformed; obtain a new token |
| 403 | Insufficient permissions | User doesn't have access to this resource |
Testing Authentication
Use the /get-notifications endpoint to test your authentication:
```bash
curl -X POST "https://yppncslmsswqydhhgygz.supabase.co/functions/v1/get-notifications" \
  -H "Authorization: Bearer API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"limit": 1}'
```
If authentication is successful, you’ll receive your notifications. Otherwise, you’ll get a 401 error.