Protecting routes


If certain routes (URLs/endpoints) in your application are only accessible to authenticated users, it is essential to protect them by verifying the user's authentication status. The approach for this may vary depending on the overall setup of your application.
It is important to note that the authentication check relies solely on the short-term session (represented as JWT). The method by which your application receives the short-term session (represented as JWT), either through a cookie or a HTTP authorization header (bearer token), depends on the requester. This will be further explained in the following sections.


To simplify the explanation, let's introduce an example company called Acme Inc. that operates a website at Acme Inc. could structure its application in multiple ways as follows:
Frontend hosts
Backend hosts

Backend SDK setup

Our official SDKs provide comprehensive support for protecting routes. To set them up correctly, please see here.