Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.messagesender.ai/llms.txt

Use this file to discover all available pages before exploring further.

Every Amplifi API request must include two headers: an Authorization header containing your Bearer token, and an x-organization-id header identifying which organization the request targets. The server validates the Bearer token on each request and checks that the organization ID belongs to your account. Missing or invalid credentials return an error before any data is accessed.

How authentication works

When your user signs in, Amplifi issues a short-lived JWT access token. You pass this token as a Bearer credential on every API call. Once the token expires, requests return a 401 and you must re-authenticate to get a new token.

Required headers

Authorization
string
required
Bearer token issued when you sign in. Format: Bearer <access_token>.
x-organization-id
string (UUID)
required
The UUID of the organization you want to operate against. Your token must belong to a user with access to this organization.

Example authenticated request

curl https://api.amplifi.com/api/campaigns \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "x-organization-id: 3f4e5c6d-7a8b-9012-cdef-1234567890ab"

Token expiry and refresh

Supabase issues short-lived access tokens (typically 1 hour, depending on your Supabase project settings). When a token expires, all API calls return a 401 Unauthorized response. To get a new token, sign in again through your application’s authentication flow. If you are using the Amplifi JavaScript client or managing HTTP calls directly, listen for 401 responses and re-authenticate before retrying the request.
Token refresh happens automatically when using an Amplifi client library. For raw HTTP integrations, handle 401 responses by re-authenticating and retrying with the new token.

Multi-organization support

Your Supabase user account can belong to multiple organizations. The x-organization-id header tells the API which organization context to use for the request. All data returned and all writes performed are scoped to that organization. The organization ID must be a UUID that your authenticated user has been granted access to. If the ID is invalid or you do not have access, the API returns a 403 response.

Error responses

StatusMeaning
401 UnauthorizedThe Bearer token is missing, invalid, or expired. Re-authenticate to get a new token.
403 ForbiddenThe x-organization-id is missing, not a valid UUID, or your user does not have access to that organization.
429 Too Many RequestsYou have exceeded the rate limit. Check the Retry-After header for when you can retry.
Never expose your Bearer token in client-side code, logs, or version control. Treat it like a password.