Authentication
Learn about the authentication methods supported by SuperAPI and how to configure them.
Supported Authentication Methods
SuperAPI currently supports two authentication methods for securing your API endpoints:
- JWT (JSON Web Token) Authentication
  This method allows you to secure your APIs using industry-standard JSON Web Tokens, providing a stateless, secure way to authenticate requests.
- Unauthenticated Access
  This option permits public access to selected endpoints without requiring authentication tokens. This is useful for public-facing APIs or resources that don't contain sensitive information.
Identity-Based Cache Isolation
SuperAPI can extract values from JWT tokens to create isolated cache spaces, ensuring proper data separation whether you're working with individual user personalization, multi-tenant environments, or complex authorization rules. This prevents data leakage between users or organizations and maintains proper access controls across your cached API responses.
JSON Path Configuration
SuperAPI allows you to specify which parts of your JWT payload should be used for identification purposes. This is done through the JSON path configuration option.
The JSON path syntax lets you tell SuperAPI exactly where in your JWT payload to find specific values. For example:
- If your JWT stores an identifier in a claim called id, you would configure the JSON path as $.id
- If the value is nested deeper, such as inside an object called data with a field called identifier, you might use $.data.identifier
This configuration allows SuperAPI to extract the appropriate values from your tokens to make intelligent caching decisions based on the identity information in the request.
By properly configuring these JSON paths, you ensure that SuperAPI correctly identifies and manages cached data in relation to the authenticated entities making the requests, maintaining both security and appropriate data isolation in your cached API responses.
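The following added example (not SuperAPI's own code) sketches how a value selected by a JSON path can scope a cache key, and why a path that fails to resolve should be rejected rather than mapped to a shared key. The names jwt_payload, resolve, cache_key and make_token are hypothetical, and it assumes the token signature has already been verified before the payload is read.

```python
import base64
import hashlib
import json

class MissingIdentity(Exception):
    """The configured JSON path did not resolve to a usable value."""

def jwt_payload(token):
    # Decodes the payload only. Assumption: the signature was already
    # verified earlier in the request pipeline.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(seg))

def resolve(payload, path):
    # Handles only the dotted form shown above ($.id, $.data.identifier).
    if not path.startswith("$."):
        raise ValueError("path must start with '$.'")
    node = payload
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            raise MissingIdentity(path)
        node = node[key]
    # Fail closed: null, empty, boolean or structured values are not identities.
    if isinstance(node, bool) or not isinstance(node, (str, int)) or node == "":
        raise MissingIdentity(path)
    return node

def cache_key(token, path, method, url):
    identity = resolve(jwt_payload(token), path)
    # JSON-encode the parts so the boundaries between them stay unambiguous.
    material = json.dumps([type(identity).__name__, identity, method, url])
    return hashlib.sha256(material.encode()).hexdigest()

def make_token(payload):
    # Constructed sample token with a placeholder signature, for the demo only.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "HS256"}) + "." + enc(payload) + ".placeholder-signature"

if __name__ == "__main__":
    alice = make_token({"id": "alice"})
    bob = make_token({"id": "bob"})
    print(cache_key(alice, "$.id", "GET", "/orders") != cache_key(bob, "$.id", "GET", "/orders"))
```

If the path were misconfigured and every token resolved to the same fallback value, all callers would share one cache space, which is the leakage the isolation feature is meant to prevent.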