Figuring out Hasura Authentication APIs

I had previously mentioned how using Hasura makes the task of authentication easier — Hasura Auth APIs.

Hasura Auth APIs are a collection of APIs for creating, managing and authenticating user identities in your webapp. In addition to creating users, logging them in and logging them out, the Auth APIs also provide authentication tokens, which makes it easier to maintain sessions.

Another feature is that users can have different roles: admin, user, anonymous. You can assign permissions based on the role that a user has. In addition to the default roles, you can also create roles specific to your app's requirements. The default role assigned to any user is the role ‘user’.

The Auth APIs are accessed at different endpoints, depending on which auth function you need to perform:

  • auth.projectname/signup — to register a new user.
  • auth.projectname/login — to log in an existing user.

The auth_token is what is used to maintain sessions.

  • auth.projectname/user/logout — to log out a logged-in user.

To log out the user, the auth_token can be sent as a header, with the key Authorization and the value Bearer followed by the token, or directly in the body.
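An added example, not part of the original post and not Hasura's code: a simplified in-memory model of the signup, login and logout flow described above, showing how the auth_token sent in the Authorization: Bearer header ties requests to a session until logout revokes it on the server. The class and method names, the PBKDF2 password hashing and the hashed token store are assumptions made for illustration.

```python
import hashlib, hmac, secrets

class AuthService:
    """Toy in-memory model of signup / login / logout (hypothetical, not Hasura's implementation)."""
    def __init__(self):
        self.users = {}     # username -> (salt, password hash, role)
        self.sessions = {}  # sha256(auth_token) -> username

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def signup(self, username, password):
        if username in self.users:
            raise ValueError("user exists")
        salt = secrets.token_bytes(16)
        # New accounts get the default role 'user', as the post describes.
        self.users[username] = (salt, self._kdf(password, salt), "user")

    def login(self, username, password):
        salt, stored, _ = self.users.get(username, (b"\0" * 16, b"", None))
        if not hmac.compare_digest(self._kdf(password, salt), stored):
            raise PermissionError("invalid credentials")
        token = secrets.token_urlsafe(32)  # unguessable session token
        # Keep only a hash, so a leaked session table yields no usable tokens.
        self.sessions[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def _token_key(self, headers):
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            raise PermissionError("missing bearer token")
        return hashlib.sha256(token.encode()).hexdigest()

    def whoami(self, headers):
        user = self.sessions.get(self._token_key(headers))
        if user is None:
            raise PermissionError("unknown or revoked token")
        return user, self.users[user][2]

    def logout(self, headers):
        # Deleting the server-side record is what actually ends the session.
        return self.sessions.pop(self._token_key(headers), None) is not None

if __name__ == "__main__":
    svc = AuthService()
    svc.signup("alice", "correct horse")  # constructed sample credentials
    hdr = {"Authorization": "Bearer " + svc.login("alice", "correct horse")}
    print(svc.whoami(hdr), svc.logout(hdr), svc.logout(hdr))
```

After logout the same token is rejected, because the session lookup no longer finds its hash.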

In addition to the basic actions above, other actions such as changing the password, getting user information, etc. can also be performed using the Auth APIs. The API reference can be obtained from here.

Another really cool feature is the ability to integrate Google, Facebook, Twitter, OTP authentication, reCAPTCHA, etc. with your app's user accounts. Read more about this here.

Link to a video lecture/webinar and material for the lecture

Link to a collection I made on Postman using the Auth APIs.