Type Alias Allow

Allow: "always" | "public" | "secret" | "user"

Authentication mode that determines what credentials a request must provide.

"always" — No credentials required. Every request is accepted.
"public" — Requires a valid publishable key in the apikey header.
"secret" — Requires a valid secret key in the apikey header (timing-safe comparison).
"user" — Requires a valid JWT in the Authorization: Bearer <token> header.

Example

// Single mode
withSupabase({ allow: 'user' }, handler)

// Multiple modes — the first match wins.
// A mode is tried only when its credential is present; a JWT that is
// present but fails verification rejects immediately rather than falling
// through to the next mode.
withSupabase({ allow: ['user', 'public'] }, handler)