SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

I'm using a custom UI, and I've broken the SuperTokens auth core / api out to a dedicated server ( it does not share the server with my application api ).  If I wanted to go about securing the API as a microservice, is there good documentation on that?

The backend api should be able to verify the session coming from the front end, against the separate auth server.

hey <@350834870131490816> for this, enable JWT based sessions, fetch the JWT on the frontend and add it to the request headers when calling your API.

Your api can then do regular JWT auth

Where can I get the verify signature when validating on the backend api?

Sorry, just saw this doc: https://supertokens.com/docs/microservice_auth/jwt-verification/index