Login token API

This API allows you to generate links that log your users into your Supernova account and optionally redirect them to a specific dashboard.

If you want to use this API please request that Supernova enable this for you.

Guide

Navigate to your settings page and click "Create key" under the Embed API section. Save this key securely. This key can grant access to your account. This key cannot be retrieved once generated.

Implement the backend

Using the signing key your application backend can generate tokens that grant bearer permission to login to Supernova. You can use one of Supernova provided clients to generate the tokens or use them as a guide to implement your own generation.

The key is generated using libsodium.

If you implement your own backend we recommend using libsodium to sign the tokens as well. You can follow this guide.

The key you receive from Supernova is a [identifier].[key] pair where the key is your secret key and the identifier is a unique identifier for this key in Supernova. You use the key portion to generate your encrypted payloads and simply include the identifier in the last step.

Supernova expects the encrypted message payload to be a JSON string with the following structure:

{
    email: [email of the user in Supernova],
    exp: [unix time in seconds the token should be valid until],
    userId: [optional identifier for the user],
    firstName: [optional first name of user],
    lastName: [optional last name of user],
}

This payload should be encrypted using the key portion of the signing key and a nonce

The encrypted payload and the nonce should then unpacked from bytes into hex for transmission.

This should then be included in the following token payload to Supernova:\

{
    message: [hex encoded payload],
    nonce: [hex encoded nonce],
    keyId: [key identifier from Supernova signing key],
}

Stringify and base64 encode this to get your token.

Implement the frontend

In your frontend, you only need to add a link with the following structure:

https://supernova.ai/signed_login?token=[generated token]&redirect=/canvas/your_canvas_id

The redirect portion is optional. If not included the user will be redirected to the Supernova homepage.

Supernova setup

Any accounts that you want to log in with this method will need to be invited to your Supernova team beforehand.

© 2025 Infinite Canvas Inc. d/b/a Supernova AI
Twitter logo
LinkedIn logo
Spotify logo