API Reference

Nexus exposes a REST API via Supabase Edge Functions and the Supabase auto-generated PostgREST API. This section covers authentication, conventions, and the public OpenAPI specification.

In this section

• Authentication — how to obtain and use tokens.
• Rate Limiting & Pagination — request limits and result pagination.
• OpenAPI Specification — interactive spec and download link.

API base URLs

Service	Base URL	Description
Edge Functions	https://<project-ref>.supabase.co/functions/v1/	Custom serverless endpoints
PostgREST	https://<project-ref>.supabase.co/rest/v1/	Auto-generated CRUD from database
Auth	https://<project-ref>.supabase.co/auth/v1/	Supabase Auth endpoints
Storage	https://<project-ref>.supabase.co/storage/v1/	File uploads and downloads

Replace <project-ref> with your Supabase project reference. Exact URLs are provided during onboarding and are not published publicly.

Security model

All API requests require a valid bearer token. Nexus uses two types of tokens:

1. User JWT — issued by Supabase Auth after login. Contains user_id, organization_id, and role. Used by the frontend and by third-party integrations.
2. Service Role Key — a privileged key for server-to-server operations. Never exposed to clients or public documentation.

Every write endpoint is explicitly marked "Auth Required" in the specification. Read endpoints also require authentication unless explicitly marked as public (e.g., webhook receivers with verify-token validation).

Endpoint tags

The OpenAPI specification organizes endpoints into these tags:

Tag	Description
Auth	Authentication and session management
Contacts	Contact (customer) CRUD and search
Messages	Send and receive messages across channels
Orders	Order management and lifecycle
Inventory	Stock, warehouse, and bin operations
Shipping	AWB creation, tracking, labels
VoIP	Call initiation, CDR, extensions
AI	AI annotation, insights, embeddings
Automation	Workflow rules and execution
Integrations	Integration setup and sync