Unified facade over the Active platform's API planes. It routes; authorization is enforced downstream by row-level security and ops-api's own JWT checks.
POST /auth/token — exchange an Active API key for a short-lived JWT./rest/* and /rpc/* — data plane: Supabase PostgREST over the api schema, RLS-enforced by your JWT./v1/* — action plane: ops-api (workflows, sandboxes, GitHub). ops-api validates your JWT on every route.
# 1. Mint a short-lived JWT from your Active API key
TOKEN=$(curl -s https://api.active.us/auth/token \
-H 'content-type: application/json' \
-d '{"key":"aak_YOUR_KEY"}' | jq -r .token)
# 2. Read a view from the data plane
curl -s 'https://api.active.us/rest/accounts?select=id,name&limit=5' \
-H "authorization: Bearer $TOKEN"
Machine-readable catalog: /openapi.json