https://supertokens.com/ logo
Join Discord
Powered by
is it really required to provide the apikey on bot...
# support-questions-legacy
k
is it really required to provide the apikey on both frontend and backend?
r
Hey
The api key is only to be provided on the backend. Not the frontend
Is there anything in the docs that made you think it’s frontend as well?
k
thanks for verifying @rp_st
apikey was not on docs. i only saw it on the example apps
search "apikey" on docs sent me to sms api key
r
Hmmmthe quick setup > backend section mentions the api key.
k
checked, it's there
search is not too helpful, i figured have to keep on searching
it does not list occurences
r
Hmm noted. We will see what we can do
k
cool thanks
on the same topic, if the react app sends apis to different microservices
and each microservice validates the session with a managed ST
do i need the apikey everywhere?
r
Yes. All of those backends
k
is there a way to configure an apikey just for validating sessions? my concern is that i dont control some of these microservices. and they can go in and mess with the metadatas
r
Not at the moment. What you can do is to issue JWT along with a session and instead of sending the session access token, you send the JWT to the microservices which can then verify it without needing to ever query the core
k
alrighty, let me check this out. good idea
hi rishabh, looks promising although i feel the jwt is too heavy to lug around and i feel iffy using it like a session token
r
right.. then you will have to provide the core API key to those microservices
PreviousNext
Powered by