I have a question about the Dashboard - is it safe and meant to be deployed in a production? I'm currently using a self-hosted instance, and what sparked this question for me is that self-hosted doesn't require sending the
api-key
header, thus allowing anyone who has access to the supertokens instance to create a new user/change password etc.
My assumption is that supertokens instance should not be exposed to the world, and communicated only with via backend. Is that correct?
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).
