So you can use us without cookies. SuperTokens is split into multiple "recipes" and we have a session recipe that handles session management via cookies.
Each recipe has a set of functions that govern how it works. For example, the session recipe has createNewSession, verifySession, revokeSession etc...
The default implementation of those set response cookies and read from request cookies. You can override these functions (think inheritance override) to instead set the response body and read from the request header.
Furthermore, the session recipe also has functions to create a JWT with any payload which you can use to make your own tokens inside these functions.
------------
The above is one possible approach. Alternatively, you can use another method which requires you to add interceptors on the frontend and backend which will map the cookies to headers in the response / request. This will be slightly more complex, but in this case, you don't have to manually issue your own tokens and can take advantage of session features like rotating refresh tokens, update to access token payload, revoking of multiple sessions per user etc.. We even have a demo app for this:
https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-localstorage