· Iren Saltali · tutorials · 2 min read

Build Passwordless API Auth With Supabase

A practical guide to email and phone OTP routes using the Supabase integration already implemented in the gateway.

The short answer: Serverless API Gateway can front Supabase OTP flows so your API exposes consistent auth endpoints without hand-writing the send and verify handlers yourself.

When to read this

  • You want passwordless sign-in backed by Supabase.
  • You need API endpoints for OTP send and verify.
  • You want the gateway to verify Supabase JWTs on protected routes later.

What matters in practice

  • Configure the Supabase authorizer and environment first.
  • Expose a send route and a verify route separately.
  • Treat email-template setup as part of delivery, not a footnote.

Concrete example

        {
        "authorizer": {
          "type": "supabase",
          "jwt_secret": "$env.SUPABASE_JWT_SECRET",
          "issuer": "https://YOUR_PROJECT.supabase.co/auth/v1",
          "audience": "authenticated"
        },
        "paths": [
          { "method": "POST", "path": "/api/auth/otp", "integration": { "type": "supabase_passwordless_auth" } },
          { "method": "POST", "path": "/api/auth/verify", "integration": { "type": "supabase_passwordless_verify" } }
        ]
      }

The example above is intentionally small because the best gateway configs stay readable. Add only the route, auth, and mapping behavior you actually need.

How this maps to the current gateway

The current codebase already supports the behavior discussed here through its config schema, route matcher, and integration handlers. That is why this project is a good fit for reader-first examples: the docs and blog can point to real, implemented behavior instead of hypothetical gateway features.

What this product does not do

  • The repo does not implement a full user-management UI.
  • OTP email behavior still depends on your Supabase project configuration.

FAQ

That is usually a project email-template configuration issue, not a gateway routing issue.

Can I support phone OTP too?

Yes. The codebase exposes a dedicated phone OTP path.

Last reviewed: March 6, 2026

Share:
Back to Blog

Related Posts

View All Posts »