Skip to main content

Overview

ScaleHouse Systems uses Supabase Auth for secure authentication. This guide covers how authentication works for both users and API access.

User Authentication

Sign Up

1

Visit Signup Page

Go to scalehousesystems.com/signup.
2

Enter Email

Provide your email address and create a password.
3

Verify Email

Check your email and click the verification link.
4

Complete Profile

Fill in your name and organization details.

Sign In

1

Visit Login Page

Go to scalehousesystems.com/login.
2

Enter Credentials

Enter your email and password.
3

Access Dashboard

You’ll be redirected to your dashboard upon successful login.

Password Reset

1

Click Forgot Password

On the login page, click “Forgot Password”.
2

Enter Email

Provide your email address.
3

Check Email

You’ll receive a password reset link.
4

Set New Password

Click the link and enter your new password.

API Authentication

API Keys

API keys are used for programmatic access to the ScaleHouse API.
API keys are scoped to your organization and can be revoked at any time.

Generating API Keys

1

Navigate to Settings

Go to Settings → API Keys in your dashboard.
2

Create Key

Click “Create API Key” and give it a name.
3

Copy Key

Copy the API key immediately - it won’t be shown again.
4

Store Securely

Store the key in a secure location (password manager, environment variables).

Using API Keys

Include your API key in the Authorization header: 
curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.scalehousesystems.com/v1/connectors

Connector Authentication

Connectors use a different authentication flow:
1

Generate Activation Token

In the dashboard, go to Audit Intelligence → Connectors and click “Activate Connector”.
2

Copy Token

Copy the activation token (valid for 15 minutes).
3

Activate in Connector

Paste the token into the connector configuration window.
4

Receive API Key

The connector receives a permanent API key for ongoing authentication.

Security Best Practices

Use Strong Passwords

Use a password manager to generate and store strong, unique passwords.

Enable MFA

Enable multi-factor authentication for additional security.

Rotate API Keys

Regularly rotate API keys, especially if they may have been compromised.

Use Environment Variables

Never hardcode API keys in your code. Use environment variables instead.

Session Management

Sessions are managed automatically by Supabase Auth. Sessions expire after 7 days of inactivity or can be manually revoked.
If you suspect your account has been compromised, immediately change your password and revoke all API keys.

Next Steps

API Reference

Detailed API authentication documentation

Security Guide

Security best practices