The following pages give you an entry point to secure, passwordless authentication for your web application. This guide covers the important topics for getting started with the server-side APIs and getting the most out of Corbado's features.

(No) existing user base

Because the API integration offers full flexibility, it can be used with or without an existing user base. You can customize the individual flows for these two cases yourself.

Configure your application

Create a .env file in your application.
Set up an ORIGIN, which will be the origin of your application, and the API_URL of the Corbado API.
If an email magic link is required, e.g. for confirmation of new devices or new users, add a REDIRECT path to which users will be redirected after clicking on the email magic link.

API authentication

To authenticate against the Corbado API, you need to set the project ID as well as the API secret in your API requests.
All endpoints are authenticated via HTTP Basic Auth. This means setting an authorization header using project ID as username and API secret as password.
Basic <<project ID>>:<<API secret>>
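The <<project ID>>:<<API secret>> part of the authorization header needs to be Base64 encoded. Base64 is an encoding, not encryption, so the credentials are protected in transit only by TLS.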
If the authorization header is missing or incorrect, the API will respond with 401.
Security scheme type
HTTP authorization scheme
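The configuration and header construction described above, as an added Node.js example that is not Corbado's own code: it validates the .env settings and builds the Basic Auth header. PROJECT_ID and API_SECRET are assumed variable names, and every value in the sample .env is a constructed placeholder.

```javascript
// Added example, not Corbado's code. PROJECT_ID and API_SECRET are assumed
// variable names; all values below are constructed placeholders.
const SAMPLE_ENV = `
ORIGIN=https://app.example.test
API_URL=https://api.example.test
REDIRECT=/auth/confirm
PROJECT_ID=pro-0000000000
API_SECRET=constructed-secret-value
`;

// Minimal KEY=VALUE parser for the .env content (no quoting or comments).
function parseEnv(text) {
  const env = {};
  for (const line of text.split("\n")) {
    const i = line.indexOf("=");
    if (i > 0) env[line.slice(0, i).trim()] = line.slice(i + 1).trim();
  }
  return env;
}

// Validate the settings and build the HTTP Basic Auth header value.
function buildAuthHeader(env) {
  for (const key of ["ORIGIN", "API_URL", "PROJECT_ID", "API_SECRET"]) {
    if (!env[key]) throw new Error(`missing ${key}`);
  }
  // Base64 is reversible, so the secret is protected only by TLS.
  if (new URL(env.API_URL).protocol !== "https:") {
    throw new Error("API_URL must use https");
  }
  // An origin is scheme + host (+ port) only, without path or query.
  if (new URL(env.ORIGIN).origin !== env.ORIGIN) {
    throw new Error("ORIGIN must not contain a path");
  }
  // RFC 7617: the username part must not contain a colon.
  if (env.PROJECT_ID.includes(":")) throw new Error("PROJECT_ID contains ':'");
  const pair = `${env.PROJECT_ID}:${env.API_SECRET}`;
  return "Basic " + Buffer.from(pair, "utf8").toString("base64");
}

// Log-safe form of the header: never write the encoded secret to logs.
function redact(header) {
  return header.replace(/^Basic .+$/, "Basic [redacted]");
}

const header = buildAuthHeader(parseEnv(SAMPLE_ENV));
console.log(redact(header));
```

Send the returned value as the Authorization header on every API request, and treat a 401 response as a sign that the project ID or API secret is missing or wrong.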