hi folks, can someone help me understand the backend auth a bit? I was following the docs https://supertokens.com/docs/thirdpartyemailpassword/nextjs/setting-up-backend and got confused around authenticating the APIs. do I need to create my APIs insider 'auth'?

Hey! So the frontend requires to call APIs for the auth to work. APIs like sign in, sign up, send password reset email etc... Our backend SDK exposes these APIs via the

middleware

function and they are to be exposed in

/auth/*

route. For example, the sign in API is

/auth/signin

, the sign up API is

/auth/signup

. So in this step, you are creating a file that will handle all

/auth/*

requests and pass the request to our middleware function which will detect the path and method and handle the API accordingly. \

oh, I see. so this has nothing to do with general API level authentication? I'm using nextjs, so now I need to write some middleware where I'll check the session and then allow the access? is my understanding correct?

We already have a middleware for that

thank you very very much