Yeah, so internally we have several APIs which we define in swagger, and used by Cloudformation. This deploys the Lambdas, the API Gateways and sets the CORs as required

there's also the serverless application model (AWS SAM) which is an abstraction of Cloudformation, and is a bit less verbose / tailored towards serverless apps. We're beginning to use that too

I see. That's cool. Will check that out and provide one.. if you end up using us, and make one for us, you can contribute that back to OS somehow.

sure thing. I'll keep an eye on the repo. Once you have the req / res stuff all in master, I'm pretty sure I'll be able to knock up an example for you

ok great! If you do try us out before the release and have more questions, feel free to ask them here.

@User , one correction from what I had said previously: For the backend, you would not need to call the

init

function just once per lambda function load (which will solve the cold start problem for 15 mins since the lambda function would be alive for 15 mins). You would instead have to provide some callbacks in the init function which determine the tenant's website domain (for email verification + password reset links). Like here: https://github.com/supertokens/supertokens-auth-react/blob/master/examples/with-one-login-per-subdomain/api-server.js

Does SupaTokens support JWT?

Also any good tuts on securing an api

For managing sessions we use access tokens + rotating refresh tokens. The access tokens are slightly different from a JWT but closely resemble the way JWTs work

For securing APIs, you have either API keys or 'sessions'. On the session side, you can read these blog posts https://supertokens.io/blog/all-you-need-to-know-about-user-session-security https://supertokens.io/blog/the-best-way-to-securely-manage-user-sessions

So I have 2 routes in my express backend for Auth...

javascript
app.post("/users/signup", async (req,res) => {
 "Create a user (Contains Email, Password(Hashed) and Birthday), and add it to the database"
})

app.post("/users/login", async (req,res) => {
  "Sign the user in, and return a JWT/SuperTokens Alternative, so it can interact with the rest of the API which require you to be logged in"
})

Would this be possible with Supertokens, and is there any tuts or part of them recipies?

If you want to use us for login, check out one of the login recipes in the getting started doc

Else check out the session recipe, also in the getting started page of the docs

Either way, each recipe has a quick setup section that guides you on how to implement / use ST

This the one?

Yup. That would give you email password login + sessions

Thank you

Can you use MongoDB with SuperTokens?

Only for the sessions recipe

Oo

So there is no way to use Email and Password or Socials with MongoDB?

Yeaaa. Sadly not yet.

If you are not using PostgreSQL or MySQL, you can use our managed service

That way, you don’t have to worry about db compatibility.

Hmmm

Is it pricy?

Visit our pricing page! Haha

supertokens.io/pricing

Ah ok

Yeah it looks good, especially the 5k free