invalid api key
Auth Failure in Production (401 "Invalid API Key") β Need HelpHi team, I'm running into a critical authentication failure with Supabase on my production deployment (Netlify). Hoping someone can help or escalate:
Problem Summary
Localhost (localhost:3000) β Auth works perfectly
Production (*.netlify.app) β Fails on sign-in with 401 Unauthorized (Invalid API Key)
Consistently reproducible across all users and devices
Key Observations-The anon API key works for DB queries (e.g., fetching profiles).
-Only the Supabase Auth service is returning 401 on /auth/v1/token?grant_type=password.
-Environment variables are correct β VITE_SUPABASE_URL and VITE_SUPABASE_ANON_KEY match the dashboard and load in production.
-Netlify is correctly routing β UI loads, but auth API fails.
-Multiple auth flows fail β PKCE and password-based login both return 401.
-Have not tried rotating JWT signing key β doing so would break critical edge functions, so Iβm holding off.
-Support ticket already submitted β I'm a paid Pro user and awaiting a reply from the Supabase team.
What Iβve Tried (but didnβt fix it)-Vite config tweaks
-Netlify redirect rules
-Circular dependency fixes
-UI cleanup
-RLS policy adjustments
-Bypassing custom edge functions
-Full project restart
(Details omitted here, but happy to provide full audit if needed.)
Suspected Root CauseCould this be tied to a bug related to the JWT signing key update? I suspect the Auth microservice is misconfigured or rejecting valid anon keys for grant_type=password flows β despite the same key working for DB operations.
AskCan someone from the Supabase team please:
-Confirm if this could be infra-related?
-Help validate whether a migration or auth service reset is needed?
-Suggest any other safe debugging steps (short of rotating the JWT signing key)?
Weβre completely blocked in production. Grateful for any guidance β happy to DM logs or network traces if helpful.
Thanks in advance!
