Future AI exposes its backend through Supabase Edge Functions — standard HTTPS endpoints, JWT auth, and a PostgreSQL data layer. This page documents only what actually exists. Every endpoint, field, and rate limit shown here is live in production.
Edge Functions: 6
Database Tables: 11
Auth Method: JWT
Public Tables: 4
Developer Capabilities
Each capability is labelled by its current implementation status. No ambiguity.
Edge Function API
6 HTTPS endpoints (Supabase Deno Edge Functions). Call them from any HTTP client with a valid JWT. No SDK required — standard fetch() works.
JWT Authentication
All endpoints require a Supabase JWT. Obtain via email/password or OAuth (Google, Apple). 2FA-protected accounts require a TOTP code at login.
Database Access (RLS)
Query Supabase tables directly via the JS client or REST. 4 tables are publicly readable without auth; 7 are scoped to the authenticated user via RLS.
Open Data (Public)
knowledge_base and shared_knowledge tables are fully public. No auth required. Anonymised AI patterns and reviewed platform facts — read by anyone.
Persistent API Keys
Long-lived tokens not tied to a browser session. Unlocked via the api_access Feature Vault item (3,000 coins). Key issuance layer is in development.
Webhooks / Event Hooks
Event-based callbacks for unlock events, coin awards, and account deletions. Not yet designed. Would require a webhook delivery infrastructure.
Endpoint Reference
All endpoints are Supabase Edge Functions. Base URL: {SUPABASE_URL}/functions/v1/
chat
Send a message to the AI. Tracks word count, awards Gold Coins, and persists messages when conversationId is provided.
web-search
Standalone web search via Perplexity. Returns a synthesised answer with citations. Does not interact with the coin system or conversation history.
spend-coins
Unlock a Feature Vault item by spending Gold Coins. Atomic: the coin deduction and the unlock record are kept consistent. Auto-refunds coins if the unlock record fails.
purchase-coins
Credit a coin package to the authenticated user. Coin amounts are authoritative server-side. Uses atomic upsert to prevent double-crediting.
delete-user-data
Wipe all user-generated data and reset coin balance to zero. Account remains active. Creates a GDPR deletion_requests audit record.
delete-user-account
Permanently delete the authenticated user account and all data. Irreversible. Performs explicit table wipes before auth deletion to handle tables without CASCADE. Creates GDPR audit record first.
Data Layer
Access via the Supabase JS client or direct PostgREST API. RLS is enforced at the database level.
| Table | Access | Description |
|---|---|---|
| knowledge_base | Public read | User-sourced Q&A pairs with upvote scores. Updated after each chat. |
| shared_knowledge | Public (reviewed) | AI-extracted platform facts. Only reviewed=true AND is_active=true rows visible. |
| community_posts | Public read | Feature requests and bug reports from authenticated users. |
| community_votes | Public read | Vote records linking users to community posts. |
| profiles | Own row | name, bio, avatar_type, learning_pref, onboarding_completed. |
| user_coins | Own row | balance, total_earned, total_spent, words_written, words_to_next_coin. |
| conversations | Own rows | Conversation metadata. Messages stored in a separate FK table. |
| messages | Own rows | Individual chat messages: role, content, word_count. |
| unlocked_features | Own rows | One row per unlocked Feature Vault item per user. |
| coin_transactions | Own rows | Earn / spend / purchase / refund audit trail. |
| deletion_requests | Own rows | GDPR audit log. Created by delete-user-data and delete-user-account. |
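A regression check for the access matrix in the table above, as an added example (not code from the Future AI project): it probes every table through PostgREST with only the anon key and flags any private table that returns rows. The `/rest/v1/` path and `apikey` header are standard Supabase; the function names, verdict labels and `stubFetch` are hypothetical, and the stub's rows are constructed.

```javascript
// Expected access matrix, copied from the Data Layer table on this page.
const PUBLIC_TABLES = ["knowledge_base", "shared_knowledge", "community_posts", "community_votes"];
const PRIVATE_TABLES = ["profiles", "user_coins", "conversations", "messages",
  "unlocked_features", "coin_transactions", "deletion_requests"];

// Pure verdict for one anonymous probe (HTTP status plus parsed JSON body).
function judge(table, status, body) {
  const rows = Array.isArray(body) ? body : [];
  if (PRIVATE_TABLES.includes(table)) {
    // With RLS on, an anonymous SELECT yields 200 [] or is refused outright.
    return status === 200 && rows.length > 0 ? "LEAK" : "ok";
  }
  if (status !== 200) return "UNREADABLE";
  // shared_knowledge must expose only reviewed=true AND is_active=true rows.
  if (table === "shared_knowledge" &&
      rows.some((r) => r.reviewed !== true || r.is_active !== true)) {
    return "UNREVIEWED_VISIBLE";
  }
  return "ok";
}

// Probe all 11 tables using the anon key only (no user JWT).
async function auditAnonAccess(baseUrl, anonKey, fetchImpl = fetch) {
  const findings = {};
  for (const table of [...PUBLIC_TABLES, ...PRIVATE_TABLES]) {
    const res = await fetchImpl(`${baseUrl}/rest/v1/${table}?select=*&limit=5`, {
      headers: { apikey: anonKey, Authorization: `Bearer ${anonKey}` },
    });
    const body = await res.json().catch(() => null);
    findings[table] = judge(table, res.status, body);
  }
  return findings;
}

// Constructed stub: simulates a project where the RLS policy on `messages` was dropped.
const stubFetch = async (url) => {
  const table = new URL(url).pathname.split("/").pop();
  const rows = table === "messages" ? [{ role: "user", content: "hi" }]
    : PUBLIC_TABLES.includes(table) ? [{ reviewed: true, is_active: true }] : [];
  return { status: 200, json: async () => rows };
};
```

Run `auditAnonAccess` against your own project after every migration that touches policies; any value other than "ok" means the deployed policies no longer match the documented matrix.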
```js
// Public table — no JWT needed
const { data } = await supabase
  .from("knowledge_base")
  .select("question, answer, upvotes, topic")
  .order("upvotes", { ascending: false })
  .limit(20);

// Private table — JWT required (own rows only via RLS)
const { data: coins } = await supabase
  .from("user_coins")
  .select("balance, total_earned, words_to_next_coin")
  .maybeSingle();
```

Integration Use Cases
Every scenario listed here is achievable today with the existing API surface.
Internal analytics dashboard
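Query user_coins, coin_transactions, and unlocked_features with a service-role key to build a usage view for your team. The service-role key bypasses RLS, so use it only from server-side code and never ship it to a browser or mobile client. All table schemas are stable.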
Automated chat workflows
Drive the /chat endpoint with a service account JWT for Q&A pipelines, onboarding automation, or retrieval-augmented generation scenarios.
Consume the public knowledge base
Pull knowledge_base and shared_knowledge without any auth. Build a semantic search index, training dataset, or context layer for downstream models.
Feature request aggregator
Read community_posts and community_votes to build a roadmap view, Slack integration, or automated triage pipeline.
Standalone web search
Invoke /web-search as a Perplexity-backed research API without managing a Perplexity key yourself. Answers include cited source URLs.
Coin balance integrations
Read coin balances and transaction history to drive external gamification, progress notifications, or reward dashboards.
Implementation Status
This table is the authoritative source of truth for what is and isn't available in the current platform.
| Feature / Capability | Status | Notes |
|---|---|---|
| 6 Edge Function endpoints | Available now | Callable via HTTPS with JWT. Stable schema. |
| JWT authentication (email/OAuth) | Available now | Google and Apple OAuth via PKCE. 2FA optional. |
| Supabase DB — public tables | Available now | knowledge_base, shared_knowledge, community tables. |
| Supabase DB — private tables | Available now | RLS enforced. Own-row access only via JWT. |
| Open Data JSON dataset | Available now | Downloadable at /open-data. Cryptographically signed. |
| Rate limiting (chat) | Available now | 3s min between messages, server-side enforced. |
| Coin economy API (spend/purchase) | Available now | Atomic RPCs, guaranteed consistent balance. |
| GDPR delete endpoints | Available now | delete-user-data and delete-user-account functions. |
| Persistent API keys | Planned | api_access vault item (3,000 coins) reserves eligibility. |
| API key management UI | Planned | Create, rotate, revoke keys. Follows key issuance. |
| Usage metering per key | Planned | Request counts and coin spend tracked per key. |
| Webhook / event delivery | Conceptual | Not yet designed. No timeline. |
| Public REST API (no Supabase) | Coming later | Possible as a thin gateway layer over Edge Functions. |
| SDK or client library | Conceptual | No SDK exists or is planned. Use fetch() directly. |
Feature IDs (for spend-coins)
| Feature ID | Cost |
|---|---|
| web_search | 150 coins |
| creative_mode | 300 coins |
| deep_analysis | 600 coins |
| data_insights | 1,000 coins |
| priority | 1,500 coins |
| api_access | 3,000 coins |
| memory | 5,000 coins |
| agents | 8,000 coins |
| custom_prompts | 12,000 coins |
| fine_tuning | 20,000 coins |
| team_workspace | 40,000 coins |
| whitelabel | 100,000 coins |

Package IDs (for purchase-coins)
starter, standard, pro, power, elite, unlimited

Quick Start
Three steps: get a JWT, call an endpoint, handle the response.
```bash
npm install @supabase/supabase-js
```

```js
import { createClient } from "@supabase/supabase-js";

const supabase = createClient(
  "https://your-project.supabase.co",
  "your-anon-key"
);

// Step 1: sign in to obtain a JWT
const { data, error } = await supabase.auth.signInWithPassword({
  email: "user@example.com",
  password: "password",
});
if (error) throw error; // data.session is null when sign-in fails
const jwt = data.session?.access_token; // Use this in all requests
```

```js
// Step 2: call an endpoint
const response = await fetch(
  "https://your-project.supabase.co/functions/v1/chat",
  {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "Authorization": `Bearer ${jwt}`,
    },
    body: JSON.stringify({
      userMessage: "What is the Feature Vault?",
    }),
  }
);

// Step 3: handle the response (non-2xx bodies carry an "error" field)
if (!response.ok) throw new Error((await response.json()).error);
const { response: text, coinsEarned, newBalance } = await response.json();
```

Error Response Shape
```
// All errors follow this shape:
{ "error": "Human-readable message", "code"?: "MACHINE_CODE" }

// 402 Insufficient coins also includes:
{ "error": "Insufficient coins", "required": 600, "available": 300, "shortfall": 300 }

// 429 Rate limited also includes:
{ "error": "Rate limited", "retryAfterMs": 1800 }
```

Rate Limits (enforced in production)
/chat: Minimum 3 seconds between messages per user. Server-side, via message timestamp comparison.
/chat: userMessage max 4,000 characters. Returns 400 with code: MESSAGE_TOO_LONG.
/web-search: query max 2,000 characters. Returns 400 on overflow.

The best way to get help is the Community: open a Bug Report or Feature Request. For documentation, the Docs section covers platform workflows and user-facing features.
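A client wrapper that applies the error shapes and rate limits documented above, as an added example (not code from the Future AI project): it rejects over-length input locally, waits `retryAfterMs` on a 429, and surfaces the 402 shortfall fields to the caller. `callFunction`, `EdgeFunctionError` and the injectable `fetchImpl`/`sleep` options are hypothetical names, and POST is assumed for every function since the page shows the method only for /chat.

```javascript
// Documented input limits: field name, max characters, and error code where one is given.
const LIMITS = {
  chat: { field: "userMessage", max: 4000, code: "MESSAGE_TOO_LONG" },
  "web-search": { field: "query", max: 2000 },
};

class EdgeFunctionError extends Error {
  constructor(status, body) {
    super(body.error || `HTTP ${status}`);
    // `details` keeps extra fields such as required / available / shortfall on a 402.
    Object.assign(this, { status, code: body.code, details: body });
  }
}

async function callFunction(name, payload, opts) {
  const { baseUrl, jwt, fetchImpl = fetch, maxRetries = 2,
    sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)) } = opts;
  const limit = LIMITS[name];
  if (limit && String(payload[limit.field] ?? "").length > limit.max) {
    // Fail locally instead of spending a request on a guaranteed 400.
    throw new EdgeFunctionError(400, {
      error: `${limit.field} exceeds ${limit.max} characters`, code: limit.code });
  }
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(`${baseUrl}/functions/v1/${name}`, {
      method: "POST", // assumption for functions other than chat
      headers: { "Content-Type": "application/json", Authorization: `Bearer ${jwt}` },
      body: JSON.stringify(payload),
    });
    const body = await res.json().catch(() => ({}));
    if (res.ok) return body;
    if (res.status === 429 && attempt < maxRetries) {
      // Honour the server's hint; fall back to the documented 3-second window.
      await sleep(Number.isFinite(body.retryAfterMs) ? body.retryAfterMs : 3000);
      continue;
    }
    throw new EdgeFunctionError(res.status, body);
  }
}
```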