Authentication
Appwrite provides authentication for many different use cases to fit the needs of developers. Appwrite manages authentication with a combination of accounts and sessions. Accounts can be created in many different ways, such as through an anonymous session, email and password, OAuth authentication, magic URLs, and more.
Account vs Users API
The Account API operates in the scope of the currently logged-in account and is usually used in a frontend or mobile app. The Users API is used in backend integrations and uses an API key with access to all your project users.
Some of the Account API methods are available from Server SDKs when you authenticate with a JWT. This allows your Server SDK to perform actions on behalf of a user.
Create An Account
A user account in Appwrite is the primary way to access information for a given project. Accounts can be created in many different ways, including email & password, anonymous sessions, OAuth2, phone authentication, and more. Applications can create and manage sessions through the REST API or Client SDKs.
Creating an account via email and password is one of the most common ways to sign up for an application. Appwrite provides email and password authentication out of the box. Using one of Appwrite's Client SDKs, or the REST APIs directly, you can create an account using an email address and password in your application.
Passwords are hashed with Argon2, a resilient and secure password hashing algorithm.
The example below shows you how to create an account:
-
Web
import { Client, Account, ID } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.create( ID.unique(), 'team@appwrite.io', 'password' ); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = await account.create( userId: ID.unique(), email: 'team@appwrite.io', password: 'password', );
Android
import io.appwrite.Client import io.appwrite.services.Account import io.appwrite.ID val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val user = account.create( userId = ID.unique(), email = "team@appwrite.io", password = "password" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let user = try await account.create( userId: ID.unique(), email: "team@appwrite.io", password: "password" )
GraphQL
mutation { accountCreate(userId: "unique()", email: "team@appwrite.io", password: "password") { _id email name } }
After an account is created, it can be verified through the account verification route provided by the Appwrite Accounts API. The user doesn't need to be verified to log in, but you can restrict resource access to verified users only using permissions.
Anonymous User
Anonymous authentication allows users of your application to create a temporary valid session without creating an account. The session has an expiration time of one year. If an account is created while an anonymous session is active, it will be attached to the existing anonymous session.
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.createAnonymousSession(); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = await account.createAnonymousSession();
-
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val user = account.createAnonymousSession()
-
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let user = try await account.createAnonymousSession()
-
GraphQL
mutation { accountCreateAnonymousSession { _id userId provider expire } }
OAuth
OAuth is another way to authenticate a user using a multistep process. When using OAuth to authenticate, the authentication request is initiated from the client application. The user is then redirected to an OAuth2 provider to complete the authentication step, and finally, the user is redirected back to the client application. This provides integration with many third-party services that provide their own OAuth integration as a more secure approach than providing a username/password directly.
In applications with first-party redirects, using OAuth2 for authentication is preferred.
The example below shows you how to authenticate with OAuth2 using Amazon's OAuth system.
-
Web
import { Client, Account } from "appwrite"; const client = new Client(); .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); // Go to OAuth provider login page account.createOAuth2Session('amazon');
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); // Go to OAuth provider login page await account.createOAuth2Session(provider: 'amazon');
-
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) // Go to OAuth provider login page account.createOAuth2Session(provider = "amazon")
-
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) // Go to OAuth provider login page try await account.createOAuth2Session(provider: "amazon")
If there is already an active anonymous session, the new session will be attached to it. If there are no active sessions, the server will attempt to look for an account with the same email address as the email received from the OAuth2 provider and attach the new session to the existing account. If no matching account is found - the server will create a new account.
Phone
Phone authentication is done using a two-step authentication process. When using phone authentication, the authentication request is initiated from the client application and an SMS is sent to the user with a secret key for creating a session.
The example below shows you how to initiate a phone authentication request.
-
Web
import { Client, Account, ID } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.createPhoneSession( ID.unique(), '+16171234567' ); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final session = await account.createPhoneSession( userId: ID.unique(), phone: '+16171234567' );
Android
import io.appwrite.Client import io.appwrite.services.Account import io.appwrite.ID val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val session = account.createPhoneSession( userId = ID.unique(), phone = "+16171234567" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let session = try await account.createPhoneSession( userId: ID.unique(), phone: "+16171234567" )
GraphQL
mutation { accountCreatePhoneSession(userId: "unique()", phone: "+16171234567") { _id userId secret expire } }
After initiation, the returned user ID and secret are used to confirm the user. The secret will be a 6-digit number in the SMS message sent to the user.
-
Web
import { Client, Account, ID } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.updatePhoneSession( '[USER_ID]', '[SECRET]' ); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final session = await account.updatePhoneSession( userId: '[USER_ID]', secret: '[SECRET]' );
Android
import io.appwrite.Client import io.appwrite.services.Account import io.appwrite.ID val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val session = account.updatePhoneSession( userId = "[USER_ID]", secret = "[SECRET]" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let session = try await account.updatePhoneSession( userId: "[USER_ID]", secret: "[SECRET]" )
GraphQL
mutation { accountUpdatePhoneSession(userId: "[USER_ID]", secret: "[SECRET]") { _id userId provider expire } }
After the secret is verified, a session will be created.
Magic URL
Magic URL authentication allows a user to sign in without a password. Magic URL authentication sends the user an email with a secret key for creating a new session. If the provided user ID has not be registered, a new user will be created.
Only redirect URLs to domains added as a platform on your Appwrite console will be accepted. URLs not added as a platform are rejected to protect against redirect attacks.
SMTP Required
Magic URL authentication requires SMTP to be configured on your Appwrite instance to deliver emails.
Magic URL authentication can be initiated like this:
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.createMagicURLSession(ID.unique(), 'email@example.com'); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = await account.createMagicURLSession( userId: ID.unique(), email: 'email@example.com', );
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client(context) .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val user = account.createMagicURLSession( userId = ID.unique(), email = "email@example.com" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let user = try await account.createMagicURLSession( userId: ID.unique(), email: "email@example.com" )
GraphQL
mutation { accountCreateMagicURLSession( userId: "unique()", email: "email@example.com" ) { _id _createdAt userId secret expire } }
After receiving your secret from an email, you can create a new Magic URL session like this:
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.updateMagicURLSession('[USER_ID]', '[SECRET]'); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = await account.updateMagicURLSession( userId: '[USER_ID]', secret: '[SECRET]', );
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client(context) .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val user = account.updateMagicURLSession( userId = '[USER_ID]', secret = '[SECRET]' )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let user = try await account.updateMagicURLSession( userId: '[USER_ID]', secret: "[SECRET]" )
GraphQL
mutation { accountUpdateMagicURLSession( userId: "[USER_ID]", secret: "[SECRET]" ) { _id _createdAt userId expire provider } }
Login
Logging in with an email and password is one of the most common ways to login into an application.
The example below shows you how to create a session:
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.createEmailSession( 'team@appwrite.io', 'password' ); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final session = await account.createEmailSession( email: 'team@appwrite.io', password: 'password' );
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val session = account.createEmailSession( email = "team@appwrite.io", password = "password" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let session = try await account.createEmailSession( email: "team@appwrite.io", password: "password" )
GraphQL
mutation { accountCreateEmailSession(email: "team@appwrite.io", password: "password") { _id userId provider expire } }
When a user tries to access restricted resources, you can check if they have a valid, active session. The Account Service provides a get() method that checks whether the current user session is active and returns the account information if successful.
The example below shows you how to check whether there is an active session:
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.get(); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final session = await account.get();
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val session = account.get()
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let session = try await account.get()
GraphQL
query { accountGet { _id email name status } }
An authenticated session in Appwrite lasts for 1 year and is then automatically expired.
Password Recovery
If a user forgets their password, they can initiate a password recovery flow to recover their password. The Create Password Recovery endpoint sends the user an email with a temporary secret key for password reset. When the user clicks the confirmation link, they are redirected back to the password reset URL with the secret key and email address values attached to the URL as query strings.
Only redirect URLs to domains added as a platform on your Appwrite console will be accepted. URLs not added as a platform are rejected to protect against redirect attacks.
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.createPasswordRecovery('email@example.com', 'https://example.com'); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = account.createRecovery( email: 'email@example.com', url: 'https://example.com', );
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client(context) .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val response = account.createRecovery( email = "email@example.com", url = "https://example.com" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let token = try await account.createRecovery( email: "email@example.com", url: "https://example.com" )
GraphQL
mutation { accountCreateRecovery( email: "email@example.com", url: "https://example.com" ) { _id _createdAt userId secret expire } }
After receiving a email with the secret attached to the redirect link, submit a request to the Create Password Recovery (confirmation) endpoint to complete the recovery flow. The verification link sent to the user's email address is valid for 1 hour.
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.updateRecovery('[USER_ID]', '[SECRET]', 'password', 'password'); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = await account.updateRecovery( userId: '[USER_ID]', secret: '[SECRET]', password: 'password' passwordAgain: 'password' );
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client(context) .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val token = account.updateRecovery( userId = "[USER_ID]", secret = "[SECRET]", password = "password", passwordAgain = "password" )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let token = try await account.updateRecovery( userId: "[USER_ID]", secret: "[SECRET]", password: "password", passwordAgain: "password" )
GraphQL
mutation { accountUpdateRecovery( userId: "[USER_ID]", secret: "[SECRET]", password: "password", passwordAgain: "password" ) { _id _createdAt userId secret expire } }
JWT Authentication
JSON Web Tokens (JWTs) are a secure means to transfer information or claims between two parties. If you're building server applications with Appwrite, JWTs enable your client applications to authenticate with your server application.
You need to create a session using the Client SDKs before generating a JWT. The JWT will be a stateless proof of claim for the identity of the authenticated user and can be used by client or server SDKs to act on behalf of a user. JWTs become invalid after 15 minutes or when the session is deleted.
You can generate a JWT like this:
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.createJWT(); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final jwt = await account.createJWT();
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client(context) .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val jwt = account.createJWT()
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let jwt = try await account.createJWT()
GraphQL
mutation { accountCreateJWT { jwt } }
Your server application can use the JWT to act on behalf of the user by creating a
Client
instance with the JWT for each request it receives with a JWT.-
Node.js
const { Client } = require('node-appwrite'); const client = new Client(); client .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2') // Your project ID .setJWT('eyJJ9.eyJ...'); // Your secret JSON Web Token
-
PHP
use Appwrite\Client; $client = new Client(); $client ->setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint ->setProject('5df5acd0d48c2') // Your project ID ->setJWT('eyJ9.eyJ...'); // Your secret JSON Web Token
-
Python
from appwrite.client import Client client = Client() (client .set_endpoint('https://[HOSTNAME_OR_IP]/v1') # Your API Endpoint .set_project('5df5acd0d48c2') # Your project ID .set_jwt('eyJ9.eyJ...') # Your secret JSON Web Token )
-
Ruby
require 'appwrite' include Appwrite client = Client client.new .set_endpoint('https://[HOSTNAME_OR_IP]/v1') # Your API Endpoint .set_project('5df5acd0d48c2') # Your project ID .set_jwt('eyJ9.eyJ...') # Your secret JSON Web Token
-
Deno
import { Client } from "https://deno.land/x/appwrite/mod.ts"; let client = new Client(); client .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2') // Your project ID .setJWT('eyJ9.eyJ...'); // Your secret JSON Web Token
-
Dart
import 'package:dart_appwrite/dart_appwrite.dart'; final client = Client(); client .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2') // Your project ID .setJWT('eyJ9.eyJ...'); // Your secret JSON Web Token
-
Kotlin
import io.appwrite.Client val client = Client() client .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID .setJWT("eyJ9.eyJ...") // Your secret JSON Web Token
-
Swift
import Appwrite let client = Client() client .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID .setJWT("eyJ9.eyJ...") // Your secret JSON Web Token
Persistence
Appwrite handles the persistence of the session in a consistent way across SDKs. After authenticating with an SDK, the SDK will persist the session so that the user will not need to log in again the next time they open the app. The mechanism for persistence depends on the SDK.
Best Practice
Only keep user sessions active as long as needed and only maintain one instance of the Client SDK in your app to avoid conflicting session data.
SDK Persistence Method Web Uses a session secure cookie and falls back to local storage when a session cookie is not available. Flutter Uses a session cookie stored in Application Documents through the path_provider package. Apple Uses a session cookie stored in UserDefaults. Android Uses a session cookie stored in SharedPreferences. User Preferences
You can store user preferences on a user's account using Appwrite's Update Preferences endpoint. You can store user preferences such as theme, notification settings, or preferred language so they can be synced across multiple devices.
Preferences are stored as a key-value JSON object. The maximum allowed prefs size is 64kB and throws an error if exceeded.
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.updatePrefs({darkTheme: true, language: 'en'}); promise.then(function (response) { console.log(response); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final user = await account.updatePrefs( prefs: { "darkTheme": true, "language": "en", } );
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val user = account.updatePrefs( prefs = mapOf("darkTheme" to true, "language" to "en") )
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let user = try await account.updatePrefs( prefs: ["darkTheme": true, "language": "en"] )
GraphQL
mutation { accountUpdatePrefs( prefs: "{\"darkTheme\": true, \"language\": \"en\"}" ) { _id _createdAt _updatedAt name registration status passwordUpdate email phone emailVerification phoneVerification prefs { data } } }
After a user's preferences are updated, they can be retrieved using the Get Preferences endpoint.
-
Web
import { Client, Account } from "appwrite"; const client = new Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID const account = new Account(client); const promise = account.getPrefs(); promise.then(function (prefs) { console.log(prefs); }, function (error) { console.log(error); });
-
Flutter
import 'package:appwrite/appwrite.dart'; final client = Client() .setEndpoint('https://[HOSTNAME_OR_IP]/v1') // Your API Endpoint .setProject('5df5acd0d48c2'); // Your project ID final account = Account(client); final prefs = await account.getPrefs();
Android
import io.appwrite.Client import io.appwrite.services.Account val client = Client(context) .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID val account = Account(client) val prefs = account.getPrefs()
Apple
import Appwrite let client = Client() .setEndpoint("https://[HOSTNAME_OR_IP]/v1") // Your API Endpoint .setProject("5df5acd0d48c2") // Your project ID let account = Account(client) let prefs = try await account.getPrefs()
GraphQL
query { accountGetPrefs { data } }
Session Limits
In Appwrite versions 1.2 and above, you can limit the number of active sessions created per user to prevent the accumulation of unused but active sessions. New sessions created by the same user past the session limit deletes the oldest session.
You can change the session limit in the Security tab of the Auth Service in your Appwrite Console. The default session limit is 10 with a maximum configurable limit of 100.
Security
Security is very important to protect users' data and privacy. Appwrite uses a permissions model coupled with user sessions to ensure users only have access to certain information based on the permissions. With Appwrite services, including databases and storage, access is granted at the collection, bucket, document, or file level. This access is consistent across access to these items in relation to document access, file access, and real-time events.