Welcome to Fireapis
  • Welcome
  • The Basics
    • Basics
    • Environment
      • Creating an Environment
      • Configure Domain
    • Auth
    • Secrets
    • Tables
      • Creating Table
      • Testing Tables
      • Add a New Column
      • Table Properties
      • Endpoints
      • Data
      • Deleting a Column
      • Deleting a Table
    • Webhooks
    • Marketplace
    • Logics
      • Dynamic Data Source Selection
      • Testing Logics
      • Actions
        • External API Request
        • Query Builder
        • Data Transformation
        • Build Object
        • Build Conditions
        • Other Utilities
          • Token Generation
          • Token Decryption
          • Hashing
          • Validate Hash
          • Encrypt
          • Decrypt
        • Date Utilities
          • Find Difference Between Dates
          • Add/Subtract Dates
          • Format Date
          • Apply Timezone to Date
  • Next steps
    • What Next?
Powered by GitBook
On this page

Was this helpful?

  1. The Basics

Auth

Configure the authentication flow for your endpoints

PreviousConfigure DomainNextSecrets

Last updated 3 months ago

Was this helpful?

  • You can configure authentication settings for each environment (e.g., development, production).

  • These settings are specific to the environment you are working in.

Secret Key:

  • The secret key is used to decode (deparse) the token passed in the header of each request.

  • The secret key must match the key used to generate the token. If the keys do not match, the token becomes invalid, leading to authentication errors.

  • Secret keys are securely stored through environment variables, and you can select them from a list of secrets in a dropdown menu for easy configuration.

Fields (Token Payload Validation):

  • Specify the fields that should be present inside the token (payload).

  • When the token is decoded, these fields are checked to ensure the request is valid.

  • If the required fields are missing, the system will return an "unauthorized" error for each request.

Error Message Customization:

  • You can configure a custom error message to be returned in the response if:

    • The token is invalid.

    • The token cannot be authenticated for other reasons.

  • This allows you to provide user-friendly error messages.

Authentication for API end points

This section explains how to configure real-time authentication for your API endpoints.

Step 1: Create a Login or Signup or Magic link Logic

  1. Define Input Payload: Start by creating a login or signup or from magic link login flow that accepts an input payload with the user's email.

  2. Process User Details: Add actions to process the user details for the given email. These actions will handle validation and fetching user-specific data.

  3. Generate Token: Create an action to generate a token. The token should include user_id and user_email as its payload.

Step 2: Configure Authentication Settings

  1. Navigate to Auth Tab:

    • Go to the "Auth" tab in the platform.

    • Configure the secret key using the secrets manager. This key should be the same as the one used during token generation.

  2. Add Fields:

    • Specify fields such as user_id and user_email.

    • Define error messages for scenarios where the token is invalid or expired.

  3. Save Configuration:

    • Save these configurations to complete the authentication setup.

Step 3: Enable Authentication for API Endpoints

  1. Table CRUD Endpoints:

    • Navigate to the "Tables" section and select any table to view its details.

    • Locate the Is Authenticate Endpoint toggle.

    • Enable this toggle to validate the token for every request. If a token is not passed, it will be considered invalid.

  2. Logic Endpoints:

    • To enable authentication for logic APIs, follow the same process.

    • Navigate to the logic details and toggle the Is Authenticate Endpoint option.

    • When enabled, all requests to the logic endpoints must include a valid authentication header containing the token.

By following the above steps, you can configure token-based authentication for your API endpoints and ensure secure access to your resources.

We have published a blog on . Checkout out for refrence.

how to create magic link logics
Configure secrets key in auth configuration
Configure Fields in Auth section for token validation
Configure error message in Authentication configuration
Configure secrets key in auth configuration
Configure Fields in Auth section for token
Configure error message in auth configuration