xdevguild / nextjs-dapp-template

Open source Next.js app template for the MultiversX blockchain. Including Shadcn UI and Tailwind.
https://multiversx-nextjs-dapp.netlify.app
MIT License

api routes auth #2

Closed dnnaji closed 2 years ago

dnnaji commented 2 years ago

Is it possible for API routes to be protected under the Maiar app logic? So someone must have an active session to authenticate to the API.

juliancwirko commented 2 years ago

I am not sure if I understand well what you would like to achieve. The Elrond API doesn't require auth. Do you mean protected routes in Next?

If you need the backend integration within the Next.js framework, this isn't implemented yet. You can read more about such an example here: https://www.elven.tools/docs/dapp-backend-integration.html. This is one of the ways you could do that. I will add it to the todo list.

If you need protected routes, you could handle it on the client-side for now, using, for example, the Authenticated component. But anyway, it will be only on the client-side, so I am not sure if this makes sense, maybe only as a UX improvement. The Elrond API and data are public anyway. The Authenticated component is mainly required for data checks which need an 'authenticated' state, like making transactions.

dnnaji commented 2 years ago

My scenario may not make sense. More of a personal PoC than a real use case. But, yes, the idea would be protected API routes/backend integration. So I use Maiar login to authenticate to a custom app vs using Google or FB. GET /api/entries as an example should fail if the user is not logged into Maiar.

I'll explore the backend integration page a bit more. Will close this for now.

juliancwirko commented 2 years ago

It is a good use case if you want to protect some data stored in the DB that is connected with the user's address, but for now, the template has only front-end functionality + some rewrites on the backend, but it will surely be developed further.

You could also check https://github.com/ElrondNetwork/native-auth. I am not sure yet, but it looks like an abstraction for signature verification and token handling, so it can be helpful.
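
Added example, not part of the thread and not code from the template or from native-auth: a sketch of the server-side check discussed above, where `GET /api/entries` returns 401 unless the request carries a short-lived login payload signed by the caller's wallet key. It assumes an Ed25519 wallet key; the token layout, `API_HOST`, `signLogin`, `verifyLogin` and `entriesHandler` are constructed for illustration and are not the native-auth token format.

```javascript
const crypto = require('node:crypto');

const API_HOST = 'dapp.example'; // assumption: the host this backend serves

// Wallet side (simulated here): sign a login payload that names the public key,
// the host it is meant for, and an expiry time in milliseconds.
function signLogin(privateKey, publicKey, host, expiresAt) {
  const pub = publicKey.export({ type: 'spki', format: 'der' }).toString('base64url');
  const payload = Buffer.from(JSON.stringify({ pub, host, exp: expiresAt }));
  const sig = crypto.sign(null, payload, privateKey); // Ed25519 takes no digest name
  return `${payload.toString('base64url')}.${sig.toString('base64url')}`;
}

// Backend side: return the caller's public key if the token is valid, else null.
function verifyLogin(token, now = Date.now()) {
  try {
    const [p, s] = String(token).split('.');
    const payload = Buffer.from(p, 'base64url');
    const { pub, host, exp } = JSON.parse(payload.toString());
    const key = crypto.createPublicKey({
      key: Buffer.from(pub, 'base64url'), type: 'spki', format: 'der',
    });
    if (key.asymmetricKeyType !== 'ed25519') return null;
    // The signature covers the exact payload bytes, so any edit invalidates it.
    if (!crypto.verify(null, payload, key, Buffer.from(s, 'base64url'))) return null;
    // Reject tokens minted for another site and tokens past their expiry.
    if (host !== API_HOST || typeof exp !== 'number' || exp <= now) return null;
    return pub;
  } catch {
    return null; // malformed token, bad encoding, or unparsable key
  }
}

// Next.js-style API route handler for GET /api/entries.
function entriesHandler(req, res) {
  const header = req.headers.authorization || '';
  const caller = header.startsWith('Bearer ') ? verifyLogin(header.slice(7)) : null;
  if (!caller) return res.status(401).json({ error: 'login required' });
  // Only rows owned by the verified key would be loaded from the DB here.
  return res.status(200).json({ owner: caller, entries: [] });
}
```

A token stays replayable until it expires, so the expiry should be short and the token sent only over TLS.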