Is there a way to disable the auth signup and make it only a SuperTokens.com #support-questions

Join Discord

Is there a way to disable the /auth/signup and mak...

# support-questions

Λ C Ξ L X R D

05/05/2022, 8:55 PM

Is there a way to disable the /auth/signup and make it only available to add users through the admin panel?

05/06/2022, 4:28 AM

hey @Λ C Ξ L X R D

05/06/2022, 4:28 AM

yes. It is possible. You can override the api function and only call the original implementation if some API key is given in the request body known to the admin

05/06/2022, 4:29 AM

Or, you can disable the API entirely (see advanced customisation section), and make your own API for sign up using our SDK functions. This API again should be protected so that only admins can call it.

Λ C Ξ L X R D

05/06/2022, 3:22 PM

How can I call the original implementation from the backend to use my own api tho?

05/07/2022, 5:03 AM

@Λ C Ξ L X R D

05/07/2022, 5:03 AM

the original implementation will not call your API. You can override the API, add some custom logic after / before the original implementation call

05/07/2022, 5:04 AM

Or, you can disable the API entirely and then make your own API on the same route

Λ C Ξ L X R D

05/07/2022, 9:20 AM

how can I make my own api on the same route?

05/08/2022, 4:45 AM

First you have to disable our API implementation (see advanced customisation -> API override -> Disabling APIs) Then you can add an API like you normally do on the same path as /auth/signup POST

Λ C Ξ L X R D

05/08/2022, 10:25 AM

but how can I make my api send the login data to supertokens?

05/08/2022, 10:26 AM

There are helper functions provided by the recipe you are using

Λ C Ξ L X R D

05/08/2022, 10:29 AM

in which submodule can I find them

05/08/2022, 10:29 AM

Recipe

05/08/2022, 10:29 AM

Then your recipe name

05/08/2022, 10:30 AM

Then there is syncio and asyncio module

05/08/2022, 10:30 AM

And in there you can find all the functions

Λ C Ξ L X R D

05/08/2022, 10:31 AM

are there any security points im sacrificing by calling the sign_up function from my route instead of the provided one?

05/08/2022, 10:33 AM

The only thing the API did extra was syntax validation of password and email.

05/08/2022, 10:33 AM

And created a new session in case sign_up is successful

Λ C Ξ L X R D

05/08/2022, 10:34 AM

so essentially I need to recreate this function?

05/08/2022, 10:35 AM

You could.

05/08/2022, 10:36 AM

But depends on how you want to create users via the admin API

05/08/2022, 10:36 AM

If you want the same logic, then you shouldn’t disable our api, and instead override. In the override function, before calling the original implementation, you should check for some API key or something that the admin will have

05/08/2022, 10:37 AM

And only then call the original implementation

Λ C Ξ L X R D

05/08/2022, 10:37 AM

I think mainly I just want the creation of the user to be from the route /api/user/ instead of /auth/signup/

05/08/2022, 10:38 AM

Hmmm. Then you will have to disable the API and copy over the logic

Λ C Ξ L X R D

05/08/2022, 10:38 AM

Okay thank you, I will try it out and let you know if I face any further issues

2 Views

Previous Next