Thread
#general
    MacZZi

    MacZZi

    5 months ago
    hi folks, can someone help me understand the backend auth a bit? I was following the docs https://supertokens.com/docs/thirdpartyemailpassword/nextjs/setting-up-backend and got confused around authenticating the APIs. do I need to create my APIs insider 'auth'?
    r

    rp

    5 months ago
    Hey! So the frontend requires to call APIs for the auth to work. APIs like sign in, sign up, send password reset email etc... Our backend SDK exposes these APIs via the
    middleware
    function and they are to be exposed in
    /auth/*
    route. For example, the sign in API is
    /auth/signin
    , the sign up API is
    /auth/signup
    . So in this step, you are creating a file that will handle all
    /auth/*
    requests and pass the request to our middleware function which will detect the path and method and handle the API accordingly. \
    MacZZi

    MacZZi

    5 months ago
    oh, I see. so this has nothing to do with general API level authentication? I'm using nextjs, so now I need to write some middleware where I'll check the session and then allow the access? is my understanding correct?
    r

    rp

    5 months ago
    We already have a middleware for that
    it's called
    verifySession
    MacZZi

    MacZZi

    5 months ago
    thank you very very much