Authentication

All CoreTone API requests require authentication via a Bearer token in the Authorization header.

API Keys

Generate API keys from the Developer Portal in your YourWave account. Each key is scoped to your organization and inherits your plan’s rate limits and credit balance.

Authorization: Bearer YOUR_API_KEY

Example Request

curl -X POST \
  https://yeoffsnpsacsnxphsokr.supabase.co/functions/v1/public-profile-lookup \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"email": "contact@example.com"}'

Key Management

Create keys from the Developer Portal
Revoke keys instantly if compromised
Rotate keys periodically as a security best practice
Each organization can have multiple active keys

Security Best Practices

Never expose API keys in client-side code, public repositories, or browser-accessible JavaScript. API keys should only be used in server-side applications.

Store keys in environment variables or a secrets manager
Use separate keys for development and production
Monitor usage in the Developer Portal for unexpected activity
Revoke keys immediately if you suspect they have been compromised

CreditsUnderstand how CoreTone's credit system works.

⌘I

Authentication
API Keys
Example Request
Key Management
Security Best Practices

Getting Started

Guides

Authentication

Authentication

API Keys

Example Request

Key Management

Security Best Practices

Getting Started

Guides

​Authentication

​API Keys

​Example Request

​Key Management

​Security Best Practices

Authentication

API Keys

Example Request

Key Management

Security Best Practices