SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Noticed that the api-key specified for the super token core is getting added in to the request header at the client side, wondering if this is right behaviour since I thought that the back end node app is proxying the call to super token core.

This shouldn’t be happening. The frontend shouldn’t have the api key. Can I see the request header of the api call? And which api is this?

😥 Never mind the issue was with my browser adding the header value due to the ModHeader plugin