Customer access

Sign in to AIRCITE

Use the email assigned to your AIRCITE account. The app stores a user bearer session so the protected tenant summary can be retried without exposing tenant records or secret values.

Back to app View access contract

Session handoff

Supabase Auth session, then product grant

Signing in only proves the browser session. The tenant summary still requires an AIRCITE product grant before customer-scoped aggregate counts can render.

AUTH

Browser session handoff

AIRCITE uses Supabase Auth to issue a customer bearer session. The app stores only the user access token in this browser and sends it to the protected tenant summary API.

Session state

Ready

Secret boundaryService-role keys and secret values are never stored in the browser

No secrets

GATE

What happens next

After the browser stores a Supabase user session, the app sends that bearer token to /api/aircite/tenant-summary. The server still checks product membership before returning aggregate counts.

Valid sessionSupabase Auth accepts the bearer token

Required

AIRCITE grantbusiness_member_products or tenant_products enables access

Required

Tenant data shapeSanitized aggregate counts only

No PHI