Protecting routes

Introduction

If certain routes (URLs/endpoints) in your application are only accessible to authenticated users, it is essential to protect them by verifying the user's authentication status. The approach for this may vary depending on the overall setup of your application.
It is important to note that the authentication check relies solely on the short-term session, which is represented as a JWT. How your application receives the short-term session, either through a cookie or an HTTP Authorization header (bearer token), depends on the requester. This will be further explained in the following sections.
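One way the check described above can look in a backend that does not use an SDK, as an added example that is not part of the original page or of any SDK: it accepts the short-term session from either a bearer header or a cookie and validates the JWT before returning the user. The cookie name `short_session`, the HS256 demo key, and the `sub`/`exp` claims are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"   # assumption: HS256 shared key, demo only
COOKIE_NAME = "short_session"      # assumption: hypothetical cookie name

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Build a constructed HS256 JWT so the example runs offline."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def extract_token(headers: dict):
    """Bearer header (API clients) is checked first, then the cookie (browsers)."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    cookie = SimpleCookie(headers.get("Cookie", ""))
    return cookie[COOKIE_NAME].value if COOKIE_NAME in cookie else None

def authenticate(headers: dict, now=None):
    """Return the user id (sub claim) for a valid session, else None."""
    token = extract_token(headers)
    if not token or token.count(".") != 2:
        return None
    head, body, sig = token.split(".")
    try:
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given = b64url_decode(sig)
    except ValueError:
        return None                # malformed base64 or JSON
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None                # pin the algorithm; never let the token choose it
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None                # signature mismatch
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return None                # short-term session has expired
    return claims.get("sub")
```

A protected route calls `authenticate(request_headers)` first and responds with 401 when it returns `None`.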

Example

To simplify the explanation, let's introduce an example company called Acme Inc. that operates a website at www.acme.com. Acme Inc. could structure its application in multiple ways as follows:
| Type | Frontend hosts | Backend hosts |
|  | https://www.acme.com | https://www.acme.com |
|  | https://www.acme.com | https://www.acme.com |
|  | https://www.acme.com | https://api.acme.com |
|  | https://www.acme.com | https://api1.acme.com https://api2.acme.com |

Backend SDK setup

Our official SDKs provide comprehensive support for protecting routes. To set them up correctly, please see here.