> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useforecast.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

# Authentication

This section is a draft for how the product should be documented publicly.

## Public API Model

The likely split is:

* **Public or trial keys** for low-risk discovery and delayed data
* **Paid API keys** for realtime and historical data products
* **User JWT or workspace tokens** for product APIs like bots and backtests

## Current Internal Reality

The codebase already uses multiple auth modes:

* Supabase JWTs for user-scoped product routes
* Engine admin secrets for server-to-server proxying
* Service credentials for lake and infrastructure access

## Recommendation

When this moves from internal docs to public docs, standardize the external contract to one API key format for market data and one user-auth pattern for workspace APIs.

## Example Header

```http theme={null}
Authorization: Bearer YOUR_API_KEY
```

For product APIs tied to a user account, the same `Authorization` header can carry a session or JWT token instead of a market data key.