Skip to main content
Every deployed function is protected by default with a runtime token. Requests without a valid token receive 401 Unauthorized.

Quick start

1

Deploy your function

jelou deploy
# ✓ Deployed
# ▸ URL: https://my-function.fn.jelou.ai
# ⚠ A default runtime token was created for this function.
#   Save it now — it will not be shown again.
# ▸ Token    jfn_rt_abc123...
The first deploy automatically generates a runtime token.
Save the token immediately. It will not be shown again. If you lose it, create a new one with jelou tokens create.
2

Call with the token

curl -X POST https://my-function.fn.jelou.ai \
  -H "Content-Type: application/json" \
  -H "X-Jelou-Token: jfn_rt_abc123..." \
  -d '{"query": "test"}'
Successful response:
{ "results": [] }
Without token or with invalid token:
{ "error": "Unauthorized", "message": "Missing or invalid X-Jelou-Token header" }

How it works

  1. On the first deploy, the platform generates a runtime token (prefix jfn_rt_)
  2. Every request must include that token in the X-Jelou-Token header
  3. If the token is valid, the request reaches your handler. Otherwise, it returns 401

Routes without authentication

The /__health and /openapi.json routes never require a token. Cron triggers don’t either — the platform authenticates them automatically.

Usage examples

curl -X POST https://my-function.fn.jelou.ai \
  -H "Content-Type: application/json" \
  -H "X-Jelou-Token: jfn_rt_abc123..." \
  -d '{"phone": "593987654321"}'
The platform does not validate anything — your code is responsible.