SimpleFunctions has three auth flavors depending on the surface:Documentation Index
Fetch the complete documentation index at: https://docs.simplefunctions.dev/llms.txt
Use this file to discover all available pages before exploring further.
| Surface | Auth | Header |
|---|---|---|
| Landing public + agent + thesis + portfolio + watch APIs | SF API key | Authorization: Bearer sf_live_... |
| Web terminal sessions | Supabase JWT | Authorization: Bearer eyJ... |
Terminal data API (data.simplefunctions.dev) | Data API key | Authorization: Bearer sft_live_... |
| Kalshi exchange | BYOK private key | Local-only (CLI), or AES-256-GCM encrypted upload (autopilot) |
| Polymarket exchange | BYOK wallet | Local-only or wallet-connect on web terminal |
| MCP | SF API key | Authorization: Bearer sf_live_... |
CLI login
~/.config/simplefunctions/config.json.
Manual API key
Get one atsimplefunctions.dev/dashboard/keys. Set:
HTTP
User scoping
Authenticated account and portfolio routes are scoped to the authenticated user. Do not passuserId from the client for normal reads — server-side resolution always wins.
Secrets
The CLI and API never return raw exchange private keys. Key metadata may include presence, id suffixes, or created/rotated timestamps, but never secret material.BYOK encryption (cloud autopilot)
sf portfolio enable does:
Read local Kalshi PEM
From your local
~/.config/simplefunctions/config.json or environment variable.Encrypt client-side
AES-256-GCM with your SF account-derived key. The plain PEM never leaves the local process.
See also
API keys
Scopes and rotation.
Portfolio autopilot
Cloud autopilot setup with BYOK.
Security
Encryption and audit guarantees.