path using JWT authorizers on an AWS HTTP API Gateway. Maybe I don't quite understand something.
I've set up SuperTokens to run on an AWS HTTP API Gateway. We need to protect the /auth/signinup/code endpoint so I attach the authorizer to that endpoint. When the frontend hits that endpoint we get a 401, which makes sense because we don't have the tokens yet.
How do we protect the /auth/signinup/code endpoint so people can't just hit it and send random OTP emails to anyone?
rp_st
06/27/2023, 4:35 AM
Hey. That’s a difficult one to protect this way. You will have to override the api and write your own heuristic to determine if it’s spam or not.
erichosick
06/27/2023, 2:38 PM
Thank you for the response. Is there anyplace in the documentation where I could read about this?
erichosick
06/27/2023, 2:41 PM
Does SuperTokens have any suggestions on what to use for this?
rp_st
06/27/2023, 5:54 PM
Nothing specific about this. It’s really application specific. You are free to use any solution you like