The Auth primitive operates on a fullstack app’s Supabase project. Auth configuration uses the Management API (via the apps Supabase proxy); admin user management uses GoTrue (/auth/v1/admin) with the service-role key. App-scoped, on both the company mount and per-user mount; the kit must enable the auth primitive on per-user mounts.
Admin user operations use the project service-role key — privileged. Disable the auth primitive in an Account Kit to keep agents away from end-user accounts.
Endpoints
| Method | Path | Description |
|---|
GET / PATCH | /v1/apps/:id/supabase/proxy/v1/projects/{ref}/config/auth | Read / update auth config (Management API) |
ANY | /v1/apps/:id/auth/proxy/* | GoTrue passthrough (/auth/v1/*, incl. /admin/users) |
# Auth config
curl "https://api.usenaive.ai/v1/apps/<app-id>/supabase/proxy/v1/projects/<ref>/config/auth" \
-H "Authorization: Bearer nv_sk_live_..."
# Admin: list users
curl https://api.usenaive.ai/v1/apps/<app-id>/auth/proxy/admin/users \
-H "Authorization: Bearer nv_sk_live_..."
# Admin: create user
curl -X POST https://api.usenaive.ai/v1/apps/<app-id>/auth/proxy/admin/users \
-H "Authorization: Bearer nv_sk_live_..." -H "Content-Type: application/json" \
-d '{"email":"user@example.com","password":"...","email_confirm":true}'
SDK
await naive.auth.updateConfig({ site_url: "https://myapp.com" });
await naive.forUser(userId).auth.users.create({ email: "u@example.com", password: "..." });
auth sub-client. 
