The purpose of Authentication endpoints is to allow you to add authentication to your application with minimal effort as well as securing other endpoints used in your project.
These endpoints are created in the same place as the others, there's a checkbox to mark it as 'Authentication endpoint'.
To use authentication you need to use HTTPS, including in your local environment. We require this because access tokens are sent in a httpOnly cookie, which requires using the secure flag.
How is the access token stored on the client side?
The access token is stored in a httpOnly cookie. This ensures that the key is not accessible by scrips, making it very safe.
How is the access token included in the requests after logging in?
The token is included in the request when the credentials flag is passed in the request options.
- GET, PUT and DELETE requests are secured by default.
- POST is open, for registration, login (&login=true) and logout (&logout=true).
- For this endpoint, only the owner of the data can modify it.