# Authentication

> How to authenticate with the Aether API

Aether uses Supabase JWT authentication. The token contains the user ID in the `sub` claim and is required for most API endpoints.

## Authentication Methods

### Bearer Token (REST API)

Include the token in the `Authorization` header:

```bash
curl https://api.runaether.dev/projects \
  -H "Authorization: Bearer YOUR_TOKEN"
```

### WebSocket Subprotocol

When connecting via WebSocket, pass the token as a subprotocol:

```javascript
const ws = new WebSocket("wss://api.runaether.dev/ws", [
  "access_token",
  "YOUR_TOKEN"
]);
```

### Environment Variable (CLI)

Set the `AETHER_TOKEN` environment variable for CLI usage:

```bash
export AETHER_TOKEN="YOUR_TOKEN"
aether projects list
```

## Obtaining a Token

### Via the CLI

```bash
aether auth token
```

This prints your current access token to stdout, which is useful for scripting:

```bash
curl https://api.runaether.dev/projects \
  -H "Authorization: Bearer $(aether auth token)"
```

## Token Refresh

Access tokens expire after a short period. Use the refresh token to obtain a new access token without re-authenticating. The CLI handles token refresh automatically.
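
As an added example (not part of the Aether documentation or CLI), the following Node.js code decodes a token's payload locally to read the `sub` claim and decide whether a refresh is due before a request is sent. It assumes the token carries the standard JWT `exp` claim; `inspectToken`, `constructedToken`, the sample claims and the 30-second skew are hypothetical names and values chosen for this example.

```javascript
// Added example: client-side inspection only. The signature is NOT verified
// here, so use the result to schedule a refresh, never to authorize anything.

// Decode one base64url JWT segment into a JSON value.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Return the user ID and expiry state of a JWT.
// `now` is in Unix seconds; `skew` (assumed 30 s) treats a token that is about
// to expire as already due for refresh so a request does not race the deadline.
function inspectToken(token, now = Math.floor(Date.now() / 1000), skew = 30) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    return { ok: false, reason: "not a three-segment JWT" };
  }
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch {
    return { ok: false, reason: "payload is not base64url JSON" };
  }
  if (claims === null || typeof claims.sub !== "string" || !Number.isFinite(claims.exp)) {
    return { ok: false, reason: "missing sub or exp claim" };
  }
  const secondsLeft = claims.exp - now;
  return { ok: true, userId: claims.sub, secondsLeft, needsRefresh: secondsLeft <= skew };
}

// Constructed sample token with a fake signature so the example runs offline.
function constructedToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "HS256", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}

const sample = constructedToken({ sub: "user-123", exp: 1700000600 });
console.log(inspectToken(sample, 1700000000)); // fresh token
console.log(inspectToken(sample, 1700000590)); // inside the skew window
console.log(inspectToken("not-a-jwt"));        // malformed input
```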

## Unauthenticated Requests

Requests to protected endpoints without a valid token receive a `401 Unauthorized` response:

```json
{
  "error": "Unauthorized"
}
```
