Authentication
Two auth modes for the Workspaces API — SSO bearer for first-party UI, service key for server-to-server.
SSO Bearer (first-party UI)
Pass the Supabase session access token as a Bearer token. The acting user_id is derived from the verified token subject — no ?user_id param needed. If a user_id query param is also supplied, it must match the token subject or the request is rejected.
GET https://api.misar.io/io/workspaces
Authorization: Bearer <supabase_access_token>
Service Key (server-to-server)
Used by MisarMail, MisarReach, MisarPost, and any other Misar product calling the Workspaces API on behalf of a user. Pass the service key in a custom header plus the target user's UUID as a query param.
GET https://api.misar.io/io/workspaces?user_id=<uuid>
x-workspace-service-key: <WORKSPACE_SERVICE_KEY>
Environment variable
The service key is stored in the WORKSPACE_SERVICE_KEY environment variable on the calling product's server. Never expose it in client-side code.
With service-key auth the user_id query param is required — it identifies the acting user whose access is being evaluated. Requests without it return 401 Unauthorized.
SDK usage
import { createWorkspaceClient } from "@misar/workspace";
const workspaces = createWorkspaceClient({
baseUrl: "https://api.misar.io/io/workspaces",
serviceKey: process.env.WORKSPACE_SERVICE_KEY,
});