question about session

vigneshkumar

05/10/2023, 7:40 AM
Hi @rp, for my understanding of session management: we have different session verification flows:
1. using verifySession
2. using getSession
3. manually verifying jwt

Here, if I have a separate backend application running with APIs exposed, can I try to use those APIs in the verifySession, like using node backend as a middleware between frontend and my backend application? By doing this, I'm not going to use any verification methods on my backend application so that APIs are just directly accessed from nodejs. Is this suggested?

rp

05/10/2023, 7:46 AM
> can I try to use those APIs in the verifySession

I didn't quite understand this. Maybe rephrase a bit?

vigneshkumar

05/10/2023, 7:50 AM
Yes, so the APIs from my backend will be called from the nodeJs backend APIs, is what I meant. Basically, nodeJs being the API gateway for my backend application. By this, the frontend will always communicate with the nodeJs APIs, which in turn verify and call my backend app APIs.

rp

05/10/2023, 7:51 AM
Right. So in the node js backend (which is the api gateway one), you can use verifySession for sure, and then pass through the user ID to the other backend in the request header, for example.

vigneshkumar

05/10/2023, 8:22 AM
So the question is, once I have used verifySession, should I again check the jwt in my backend applications? Or is it overkill?

rp

05/10/2023, 8:22 AM
No need.
Assuming that your backend application is only reachable via the api gateway and that there is no way to access it directly.

vigneshkumar

05/10/2023, 8:24 AM
Got it, thanks.