Auth

• You can configure authentication settings for each environment (e.g., development, production).

• These settings are specific to the environment you are working in.

Secret Key:

• The secret key is used to decode (deparse) the token passed in the header of each request.

• The secret key must match the key used to generate the token. If the keys do not match, the token becomes invalid, leading to authentication errors.

• Secret keys are securely stored through environment variables, and you can select them from a list of secrets in a dropdown menu for easy configuration.

Fields (Token Payload Validation):

• Specify the fields that should be present inside the token (payload).

• When the token is decoded, these fields are checked to ensure the request is valid.

• If the required fields are missing, the system will return an "unauthorized" error for each request.

Error Message Customization:

• You can configure a custom error message to be returned in the response if:

  • The token is invalid.

  • The token cannot be authenticated for other reasons.

• This allows you to provide user-friendly error messages.

Authentication for API end points

This section explains how to configure real-time authentication for your API endpoints.

Step 1: Create a Login or Signup or Magic link Logic

1. Define Input Payload: Start by creating a login or signup or from magic link login flow that accepts an input payload with the user's email.

2. Process User Details: Add actions to process the user details for the given email. These actions will handle validation and fetching user-specific data.

3. Generate Token: Create an action to generate a token. The token should include user_id and user_email as its payload.

Step 2: Configure Authentication Settings

1. Navigate to Auth Tab:

   • Go to the "Auth" tab in the platform.

   • Configure the secret key using the secrets manager. This key should be the same as the one used during token generation.

2. Add Fields:

   • Specify fields such as user_id and user_email.

   • Define error messages for scenarios where the token is invalid or expired.

3. Save Configuration:

   • Save these configurations to complete the authentication setup.

Step 3: Enable Authentication for API Endpoints

1. Table CRUD Endpoints:

   • Navigate to the "Tables" section and select any table to view its details.

   • Locate the Is Authenticate Endpoint toggle.

   • Enable this toggle to validate the token for every request. If a token is not passed, it will be considered invalid.

2. Logic Endpoints:

   • To enable authentication for logic APIs, follow the same process.

   • Navigate to the logic details and toggle the Is Authenticate Endpoint option.

   • When enabled, all requests to the logic endpoints must include a valid authentication header containing the token.

By following the above steps, you can configure token-based authentication for your API endpoints and ensure secure access to your resources.