Auth

Configure the authentication flow for your endpoints

  • You can configure authentication settings for each environment (e.g., development, production).

  • These settings are specific to the environment you are working in.

Secret Key:

  • The secret key is used to decode the token passed in the header of each request.

  • The secret key must match the key used to generate the token. If the keys do not match, the token becomes invalid, leading to authentication errors.

  • Secret keys are securely stored through environment variables, and you can select them from a list of secrets in a dropdown menu for easy configuration.

Configure secrets key in auth configuration

Fields (Token Payload Validation):

  • Specify the fields that should be present inside the token (payload).

  • When the token is decoded, these fields are checked to ensure the request is valid.

  • If the required fields are missing, the system will return an "unauthorized" error for each request.

Configure Fields in Auth section for token validation

Error Message Customization:

  • You can configure a custom error message to be returned in the response if:

    • The token is invalid.

    • The token cannot be authenticated for other reasons.

  • This allows you to provide user-friendly error messages.

Configure error message in auth configuration

Authentication for API endpoints

This section explains how to configure real-time authentication for your API endpoints.

We have published a blog post on how to create magic link logic. Check it out for reference.

  1. Define Input Payload: Start by creating a login, signup, or magic link login flow that accepts an input payload with the user's email.

  2. Process User Details: Add actions to process the user details for the given email. These actions will handle validation and fetching user-specific data.

  3. Generate Token: Create an action to generate a token. The token should include user_id and user_email as its payload.

Step 2: Configure Authentication Settings

  1. Navigate to Auth Tab:

    • Go to the "Auth" tab in the platform.

    • Configure the secret key using the secrets manager. This key should be the same as the one used during token generation.

  2. Add Fields:

    • Specify fields such as user_id and user_email.

    • Define error messages for scenarios where the token is invalid or expired.

  3. Save Configuration:

    • Save these configurations to complete the authentication setup.

Step 3: Enable Authentication for API Endpoints

  1. Table CRUD Endpoints:

    • Navigate to the "Tables" section and select any table to view its details.

    • Locate the Is Authenticate Endpoint toggle.

    • Enable this toggle to validate the token for every request. If a token is not passed, it will be considered invalid.

  2. Logic Endpoints:

    • To enable authentication for logic APIs, follow the same process.

    • Navigate to the logic details and toggle the Is Authenticate Endpoint option.

    • When enabled, all requests to the logic endpoints must include a valid authentication header containing the token.

By following the above steps, you can configure token-based authentication for your API endpoints and ensure secure access to your resources.
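
The flow configured in the steps above, as an added example that is not the platform's own code. It assumes the token is an HS256-signed JWT (the page does not name the token format); `generate_token`, `authenticate`, the secret values and the error message are hypothetical names and constructed values. It shows a mismatched secret, a missing token and a missing required field all ending in the same unauthorized response.

```python
import base64, hashlib, hmac, json

REQUIRED_FIELDS = ("user_id", "user_email")   # the "Fields" setting from the page
ERROR_MESSAGE = "Invalid or missing token"    # constructed custom error message


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_token(payload: dict, secret: str) -> str:
    """Sign header.payload with HMAC-SHA256 (assumed format: HS256 JWT)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(payload).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256)
    return f"{header}.{body}.{_b64(sig.digest())}"


def authenticate(token, secret: str):
    """Return (status, body) the way an authenticated endpoint would."""
    denied = (401, {"error": ERROR_MESSAGE})
    if not token or token.count(".") != 2:
        return denied                      # no token is treated as invalid
    header, body, sig = token.split(".")
    expected = hmac.new(secret.encode(), f"{header}.{body}".encode(),
                        hashlib.sha256).digest()
    try:
        # Check the signature first, in constant time, before trusting the payload.
        if not hmac.compare_digest(_unb64(sig), expected):
            return denied                  # secret differs from the signing key
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return denied                  # only the configured algorithm is accepted
        payload = json.loads(_unb64(body))
    except (ValueError, AttributeError):
        return denied                      # malformed base64 or JSON
    if not isinstance(payload, dict) or any(f not in payload for f in REQUIRED_FIELDS):
        return denied                      # required payload fields missing
    return 200, payload
```

Every failure path returns the same status and message, so a caller cannot tell a wrong key from a missing field.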
