@rp Yeah, that makes all sense 👍 Right, in my case I have no need for SSO but machine to machine would be very useful at some point. I will definitely try supertokens for user auth and technically speaking at this point in the project, there is no need to auth the API server. There is nothing sensitive there for now, just pure web content. But planning ahead, the need will come. ^^ Is machine to machine part of your plan in the near future?