Skip to main content

How to authenticate

The API uses Bearer token authentication in the Authorization header. Include your API Key in every request: 
Authorization: Bearer YOUR_API_KEY

Authenticated request example

curl -X GET \
  "https://qegraxvwwikrltmtfamo.supabase.co/functions/v1/v1-quote-funeral-service?locality_id=24017" \
  -H "Authorization: Bearer YOUR_API_KEY"

Authentication errors

CodeMessageCause
401UNAUTHORIZEDAPI Key missing or invalid
401KEY_REVOKEDThe API Key has been deactivated
429RATE_LIMIT_EXCEEDED100 requests/hour limit exceeded
401 Response
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or not found API Key."
  }
}
429 Response
{
  "error": {
    "code": "RATE_LIMIT_EXCEEDED",
    "message": "You have exceeded the limit of 100 requests per hour. Please try again in a few minutes."
  }
}

Usage limits (Rate Limiting)

PlanLimitWindow
Beta100 requestsPer hour, per API Key
The Retry-After header indicates how many seconds to wait after receiving a 429.

Security

Do not expose your API Key in the frontend. API requests must always be made from your backend or from the MCP/GPT Action server — never from publicly accessible client-side JavaScript.
  • API Keys are stored as SHA-256 hashes. Funos never stores the key in plain text.
  • If you believe your API Key has been compromised, contact api@funos.es immediately.
  • Each API Key has an origin identifier (name, origin) for full traceability in logs.

Request an API Key

The API is in private beta. To request access:
  1. Write to api@funos.es with subject: API Key Request - Funos AI Partner
  2. Briefly describe your use case (GPT Action, MCP, web application…)
  3. You will receive your API Key within 24–48 hours
If you are setting up a GPT Action in ChatGPT, the API Key is entered in GPT Builder → Configure → Actions → Authentication → API Key → Bearer.