# general


11/01/2021, 5:50 PM
@User , you would need to host your own backend that integrates with SuperTokens' backend SDK. This backend could be reachable via a sub domain of your frontend. It would expose all the APIs that are provided by supertokens, which your frontend would use. Then there are three methods for auth with Hasura 1) After a user is logged in, you could extract a JWT from the session and pass that to Hasura for auth. Extracting a JWT is still a feature that's work in progress.. It should be avaialbel in 1-2 weeks from now. 2) You could proxy requests to Hasura via your backend API layer which would use our
middleware. 3) You could store the user's session ID on the frontend and pass that to Hasura when you query it. Then Hasura can use a custom auth hook to query SuperTokens' core to check if the session ID is valid or not. ---------------------- Out of these, number (2) is the most secure since it doesn't expose any of the session tokens to the frontend (therby preventing token theft via XSS attacks) (1) is the most popular since it's easy to use. ---------------------- Anyhow, you would need to host an API server which would integrate with SuperTokens' backend SDK.