Another question is. How do you protect the self-hosted dashboard? E.g. so no one can just come in and create a manager user using CURL 🙂 By passing access token through some env that you pass into docker image? UPD: Here is the docs https://supertokens.com/docs/passwordless/common-customizations/core/api-keys basically what I guessed 🙂