Channels
#support-questions
Title
λ
Λ C Ξ L X R D
05/05/2022, 8:55 PMIs there a way to disable the /auth/signup and make it only available to add users through the admin panel?
r
rp
05/06/2022, 4:28 AMhey @Λ C Ξ L X R D
yes. It is possible.
You can override the api function and only call the original implementation if some API key is given in the request body known to the admin
Or, you can disable the API entirely (see advanced customisation section), and make your own API for sign up using our SDK functions. This API again should be protected so that only admins can call it.
λ
Λ C Ξ L X R D
05/06/2022, 3:22 PMHow can I call the original implementation from the backend to use my own api tho?
r
rp
05/07/2022, 5:03 AM@Λ C Ξ L X R D
the original implementation will not call your API. You can override the API, add some custom logic after / before the original implementation call
Or, you can disable the API entirely and then make your own API on the same route
λ
Λ C Ξ L X R D
05/07/2022, 9:20 AMhow can I make my own api on the same route?
r
rp
05/08/2022, 4:45 AMFirst you have to disable our API implementation (see advanced customisation -> API override -> Disabling APIs)
Then you can add an API like you normally do on the same path as /auth/signup POST
λ
Λ C Ξ L X R D
05/08/2022, 10:25 AMbut how can I make my api send the login data to supertokens?
r
rp
05/08/2022, 10:26 AMThere are helper functions provided by the recipe you are using
λ
Λ C Ξ L X R D
05/08/2022, 10:29 AMin which submodule can I find them
r
rp
05/08/2022, 10:29 AMRecipe
Then your recipe name
Then there is syncio and asyncio module
And in there you can find all the functions
λ
Λ C Ξ L X R D
05/08/2022, 10:31 AMare there any security points im sacrificing by calling the sign_up function from my route instead of the provided one?
r
rp
05/08/2022, 10:33 AMThe only thing the API did extra was syntax validation of password and email.
And created a new session in case sign_up is successful
λ
Λ C Ξ L X R D
05/08/2022, 10:34 AMso essentially I need to recreate this function?
r
rp
05/08/2022, 10:35 AMYou could.
But depends on how you want to create users via the admin API
If you want the same logic, then you shouldn’t disable our api, and instead override. In the override function, before calling the original implementation, you should check for some API key or something that the admin will have
And only then call the original implementation
λ
Λ C Ξ L X R D
05/08/2022, 10:37 AMI think mainly I just want the creation of the user to be from the route /api/user/ instead of /auth/signup/
r
rp
05/08/2022, 10:38 AMHmmm. Then you will have to disable the API and copy over the logic
λ
Λ C Ξ L X R D
05/08/2022, 10:38 AMOkay thank you, I will try it out and let you know if I face any further issues
2 Views