3.3 Getting started with Hasura Auth APIs

Hasura.io

In the previous post I had worked with the Data APIs provided by Hasura. The most important data is your user data. So in this post I will breeze you through the Hasura Auth and User Management APIs. Refer to my Engineering Assistant app Schema.

Refer to the Auth and API documentation.

Hasura Auth platform comes with some pre-defined roles in the system. They are anonymous, user and admin. You can add more roles to the auth system by using it’s APIs or the console UI. You can also assign/unassign roles to an existing user using the APIs.

  • If the request has no existing session, then the role anonymous is attached to it.
  • Once a user registers, a user role is assigned to him and the user is also logged in if no verification of email is setup. An auth token is generated when a user performs login and it is sent by the browser in subsequent requests in cookies.
  • When you setup the project for the first time and login as admin using the credentials generated after hasuractl local start command, a default admin user is generated with the admin role.

Auth API :

http://auth.c100.hasura.me/

This can be found in Auth/User Management>Manage>Access- External endpoint part of the console.

Before you connect your webapp’s frontend with the backend , you can send API requests using a very useful tool called POSTMAN and check if you are getting the right response for your requests.

Register a new user

POST: http://auth.c100.hasura.me/signup

-H "Content-Type: application/json"
-d
{
"username":"someone",
"password":"password",
"email": "someone@somemail.com"
}

Login for an existing user using email

POST: http://auth.c100.hasura.me/login

-H "Content-Type: application/json"
-d
{
"password":"password",
"email": "someone@somemail.com"
}

Login for an existing user using username

POST: http://auth.c100.hasura.me/login

-H "Content-Type: application/json"
-d
{
"username":"someone",
"password":"password"
}

Logout form the existing session

POST: http://auth.c100.hasura.me/user/logout

Have a look at this Postman Collection to see all the requests.

Next