Skip to main content

Overview

Solo Mobile uses Bearer token authentication. You’ll need to include your access token in the Authorization header of all API requests.

Getting Your Access Token

From the Dashboard

  1. Log in to solomobile.ai
  2. Go to SettingsAPI
  3. Click Generate Token
  4. Copy and securely store your token
Treat your API token like a password. Never share it or commit it to source control.

Programmatically

You can also authenticate using email/password to get a session token: 
curl -X POST "https://mtxbiyilvgwhbdptysex.supabase.co/auth/v1/token?grant_type=password" \
  -H "apikey: YOUR_ANON_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "your-password"
  }'
Response: 
{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "bearer",
  "expires_in": 3600,
  "refresh_token": "..."
}

Using the Token

Include the token in the Authorization header: 
curl -X GET "https://mtxbiyilvgwhbdptysex.supabase.co/functions/v1/endpoint" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json"

Token Expiration

  • Access tokens expire after 1 hour
  • Use the refresh token to get a new access token
  • API tokens from the dashboard don’t expire (until revoked)

Refreshing Tokens

curl -X POST "https://mtxbiyilvgwhbdptysex.supabase.co/auth/v1/token?grant_type=refresh_token" \
  -H "apikey: YOUR_ANON_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "refresh_token": "YOUR_REFRESH_TOKEN"
  }'

Revoking Tokens

To revoke an API token:
  1. Go to SettingsAPI in the dashboard
  2. Find the token you want to revoke
  3. Click Revoke
The token will immediately stop working.

Security Best Practices

Store tokens in environment variables, not in code.
export SOLO_API_TOKEN="your-token"
Generate new tokens periodically and revoke old ones.
Request only the permissions your application needs.
Check your API usage in the dashboard for unexpected activity.