Is there a way to disable the /auth/signup and mak...
# support-questions-legacyλ
Λ C Ξ L X R D
05/05/2022, 8:55 PMIs there a way to disable the /auth/signup and make it only available to add users through the admin panel?
r
rp_st
05/06/2022, 4:28 AMhey @Λ C Ξ L X R D
rp_st
05/06/2022, 4:28 AMyes. It is possible.
You can override the api function and only call the original implementation if some API key is given in the request body known to the admin
rp_st
05/06/2022, 4:29 AMOr, you can disable the API entirely (see advanced customisation section), and make your own API for sign up using our SDK functions. This API again should be protected so that only admins can call it.
λ
Λ C Ξ L X R D
05/06/2022, 3:22 PMHow can I call the original implementation from the backend to use my own api tho?
r
rp_st
05/07/2022, 5:03 AM@Λ C Ξ L X R D
rp_st
05/07/2022, 5:03 AMthe original implementation will not call your API. You can override the API, add some custom logic after / before the original implementation call
rp_st
05/07/2022, 5:04 AMOr, you can disable the API entirely and then make your own API on the same route
λ
Λ C Ξ L X R D
05/07/2022, 9:20 AMhow can I make my own api on the same route?
r
rp_st
05/08/2022, 4:45 AMFirst you have to disable our API implementation (see advanced customisation -> API override -> Disabling APIs)
Then you can add an API like you normally do on the same path as /auth/signup POST
λ
Λ C Ξ L X R D
05/08/2022, 10:25 AMbut how can I make my api send the login data to supertokens?
r
rp_st
05/08/2022, 10:26 AMThere are helper functions provided by the recipe you are using
λ
Λ C Ξ L X R D
05/08/2022, 10:29 AMin which submodule can I find them
r
rp_st
05/08/2022, 10:29 AMRecipe
rp_st
05/08/2022, 10:29 AMThen your recipe name
rp_st
05/08/2022, 10:30 AMThen there is syncio and asyncio module
rp_st
05/08/2022, 10:30 AMAnd in there you can find all the functions
λ
Λ C Ξ L X R D
05/08/2022, 10:31 AMare there any security points im sacrificing by calling the sign_up function from my route instead of the provided one?
r
rp_st
05/08/2022, 10:33 AMThe only thing the API did extra was syntax validation of password and email.
rp_st
05/08/2022, 10:33 AMAnd created a new session in case sign_up is successful
λ
Λ C Ξ L X R D
05/08/2022, 10:34 AMso essentially I need to recreate this function?
r
rp_st
05/08/2022, 10:35 AMYou could.
rp_st
05/08/2022, 10:36 AMBut depends on how you want to create users via the admin API
rp_st
05/08/2022, 10:36 AMIf you want the same logic, then you shouldn’t disable our api, and instead override. In the override function, before calling the original implementation, you should check for some API key or something that the admin will have
rp_st
05/08/2022, 10:37 AMAnd only then call the original implementation
λ
Λ C Ξ L X R D
05/08/2022, 10:37 AMI think mainly I just want the creation of the user to be from the route /api/user/ instead of /auth/signup/
r
rp_st
05/08/2022, 10:38 AMHmmm. Then you will have to disable the API and copy over the logic
λ
Λ C Ξ L X R D
05/08/2022, 10:38 AMOkay thank you, I will try it out and let you know if I face any further issues
8 Views