Skip to main content

Starting the server

npm run dev
CommandBehavior
npm run devStarts the server with tsx watch. The process automatically restarts on file changes. Use this during local development.
npm run startRuns the compiled output from dist/ with NODE_ENV=production. Build first with npm run build or npm run esbuild.
The server listens on port 3000. Make sure this port is available before starting.

Base path

All API routes are mounted under: 
/api/v1

Health check

Use the health endpoint to verify the server is running. This route does not require authentication. 
GET /api/v1/health
Response 
up

Authentication

All routes under /api/v1 — except /api/v1/health — require a valid Supabase JWT passed as a Bearer token in the Authorization header.
header.Authorization
string
required
A Supabase JWT obtained from your Supabase project’s Auth service.Format: Bearer <token>
The server validates the token by calling supabase.auth.getUser(token). Requests with a missing, malformed, or invalid token receive a 401 Unauthorized response.
Tokens issued by Supabase expire. Clients must refresh their session and send an updated token when the current one expires.
Example request 
curl https://your-host:3000/api/v1/sessions \
  --header "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

CORS

CORS is enabled globally via @elysiajs/cors. All origins are permitted by default. To restrict allowed origins for production, configure the CORS plugin options in src/index.ts.
For production deployments, explicitly set the origin option in the cors() plugin to limit cross-origin access to trusted domains.

API reference

For a full list of available endpoints, request bodies, and response schemas, see the API Reference section in the sidebar.

Build docs developers (and LLMs) love

Get started for freeTalk to us