Corbado API structure

Corbado provides a Frontend API and Backend API depending on the way you want to integrate and your tech stack.
Corbado offers several ways for integration and supports different applications (e.g. regular web applications, single page applications or native apps). As not all applications can access our APIs the same way securely, we created a Frontend API and Backend API. Both APIs are RESTful APIs.
If you only want to use the authentication of Corbado and no session management, then you only need to communicate with the Frontend API. Here, the Project ID is used via an HTTP header parameter for mapping a request to a project. The communication between the Frontend API and the Backend API is handled internally. Thus, there's no need for you to create an API secret.
If you also want to use Corbado session management, your backend needs to talk to the Corbado Backend API via HTTP basic auth. Thus, you need an API secret.

Frontend API

The Frontend API is used by applications that cannot store secrets securely (e.g. single page applications running in the browser or native apps) and by the Corbado our Web Components.

Backend API

The Backend API is used by applications that can store secrets securely (e.g. regular web applications with a private server side backend). Never use the backend API from native apps or single page applications.