
Advice needed on using Appwrite as a backend for server-side REST API development

  • 0
  • Users
  • Accounts
  • Self Hosted
Screentapper
3 Apr, 2023, 18:45

Hello, we are new to Appwrite and want to explore whether it will meet our development needs.

We are developing server-based REST APIs and would like to utilize Appwrite for the authentication, session management and permissions of our APIs' users - all purely on the server-side.

To be more specific, we would (ideally) like to use Appwrite to:

  • Create and manage users for our API
  • Users will consume a /token endpoint on our API, where they will provide a request containing a UserId and Password, e.g. via Basic Auth (that corresponds to an Appwrite User). Our API will then return a JWT token if authentication is successful. The returned token should contain the User's allowed API scopes.
  • Our API users will then make further requests to other resources on our APIs, using their JWT tokens as Bearer tokens to authorise themselves.
  • Our API will validate each API User's token as well as its scopes.

So that leads us to a few general questions about Appwrite's intended usage patterns and its flexibility. In particular, we would like to know the following:

  1. Can Appwrite authenticate users on the server-side via their UserIDs and Passwords?
  2. Can the resulting Session information of an authenticated user be used to generate a JWT on the server side? (Or do we have to completely roll our own solution?)
  3. Does Appwrite offer a solution to create and manage custom User permissions that are Application-specific (thus in the Application "scope") - so that it can eventually be modelled as scope in tokens for API resource consumption?
  4. Does Appwrite offer a solution to manage (eg manually issue and refresh) JWT tokens purely on the server-side?

Sorry about all the questions and thank you for your time and interest if you have read this far.

We would appreciate it if anyone could point us to a known best-practice approach, recipe or specific documentation to handle a project with similar requirements.

Binyamin
3 Apr, 2023, 18:48

Can you tell me first what language your backend is?

Screentapper
3 Apr, 2023, 18:49

JavaScript (using nodejs)

Binyamin
3 Apr, 2023, 18:58

This is a commonly wanted use-case, as I've seen with Appwrite.

So I'll try to answer from my knowledge:

  1. You can do so by implementing some cookie jar. After you have authenticated and have the user details, it will be best to generate a JWT for them, and from then on the connection to your Appwrite will use the server-side API with the JWT token. https://appwrite.io/docs/client/account?sdk=web-default#accountCreateJWT

You must use a cookie jar, as the only way to create a JWT is if you already have an active session in place.

  2. Yes, I elaborated on that in the first bullet point.
  3. Yes. You can use either teams for general separation of the users' permissions, or roles, which are another level inside the teams. For example you can have a Users team and within it an admin role, a reader role, etc.
  4. This would be the biggest challenge of them all. As you're using your own API you'll need to do something like this:
  • Create a login session using email and password.
  • Generate a JWT.
  • Store the user session from the cookie jar into a UsersSession collection (which is a table in Appwrite vocabulary).
  • Any time you need to access on behalf of the user and 15 minutes have already passed, you will have to regenerate the JWT token.

Of course my advice would be to move all your logic to Appwrite using Appwrite cloud functions https://appwrite.io/docs/functions

But if you prefer it otherwise, then it's difficult but indeed achievable.
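The login -> cookie jar -> JWT -> regenerate-after-15-minutes flow described in the answer above, as an added Node.js example that is not part of this thread and not Appwrite's own code. It calls the Appwrite REST endpoints `POST /v1/account/sessions/email` and `POST /v1/account/jwt` directly with `fetch` and keeps the `a_session_<projectId>` cookie itself, because the JWT endpoint only works with an active session cookie. `SessionStore` is an in-memory stand-in for the UsersSession collection the answer mentions. `makeFakeAppwrite` is a constructed fake of those two endpoints so the flow runs offline; the endpoint URL, project id, user records and JWT strings it produces are all made up for the example.

```javascript
// Added example: server-side Appwrite session + JWT handling for a Node API.
// Not from the thread or from Appwrite; endpoints follow the Appwrite 1.x REST API.
const SESSION_COOKIE_PREFIX = 'a_session_';
const JWT_TTL_MS = 15 * 60 * 1000; // Appwrite JWTs are valid for 15 minutes

// Pull "a_session_<projectId>=<secret>" out of a Set-Cookie header. fetch's
// headers.get('set-cookie') merges multiple cookies with ", ", and Appwrite also
// sets an "..._legacy" cookie, so match the exact name followed by "=".
function extractSessionCookie(setCookieHeader, projectId) {
  if (!setCookieHeader) return null;
  const name = `${SESSION_COOKIE_PREFIX}${projectId}`;
  const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const m = setCookieHeader.match(new RegExp(escaped + '=([^;,\\s]+)'));
  return m ? `${name}=${m[1]}` : null;
}

// Step 1: email/password login on behalf of the API user; returns the cookie we must keep.
async function createEmailSession(cfg, email, password, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(`${cfg.endpoint}/account/sessions/email`, {
    method: 'POST',
    headers: { 'Content-Type': 'application/json', 'X-Appwrite-Project': cfg.projectId },
    body: JSON.stringify({ email, password }),
  });
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  const cookie = extractSessionCookie(res.headers.get('set-cookie'), cfg.projectId);
  if (!cookie) throw new Error('no session cookie in login response');
  const session = await res.json();
  return { userId: session.userId, sessionId: session.$id, cookie };
}

// Step 2: mint a JWT from the stored session cookie (fails without an active session).
async function createJwt(cfg, cookie, fetchImpl = globalThis.fetch) {
  const res = await fetchImpl(`${cfg.endpoint}/account/jwt`, {
    method: 'POST',
    headers: { 'X-Appwrite-Project': cfg.projectId, Cookie: cookie },
  });
  if (!res.ok) throw new Error(`jwt creation failed: HTTP ${res.status}`);
  return (await res.json()).jwt;
}

// Stand-in for the UsersSession collection: one record per userId holding the
// cookie, the current JWT and when it was issued.
class SessionStore {
  constructor() { this.byUser = new Map(); }
  async login(cfg, email, password, fetchImpl, now = Date.now()) {
    const s = await createEmailSession(cfg, email, password, fetchImpl);
    const jwt = await createJwt(cfg, s.cookie, fetchImpl);
    this.byUser.set(s.userId, { ...s, jwt, jwtIssuedAt: now });
    return s.userId;
  }
  // Step 3: JWT for the X-Appwrite-JWT header, regenerated once 15 minutes have passed.
  async jwtFor(cfg, userId, fetchImpl, now = Date.now()) {
    const rec = this.byUser.get(userId);
    if (!rec) throw new Error('unknown user');
    if (now - rec.jwtIssuedAt >= JWT_TTL_MS) {
      rec.jwt = await createJwt(cfg, rec.cookie, fetchImpl);
      rec.jwtIssuedAt = now;
    }
    return rec.jwt;
  }
}

// Constructed fake of the two endpoints used above (not a real Appwrite server).
function makeFakeAppwrite(projectId, users) {
  const sessions = new Map(); // cookie secret -> userId
  let jwtCounter = 0;
  const reply = (status, body, headers = {}) => ({
    ok: status < 400, status,
    headers: { get: (k) => headers[k.toLowerCase()] ?? null },
    json: async () => body,
  });
  return async (url, init = {}) => {
    const h = init.headers || {};
    if (h['X-Appwrite-Project'] !== projectId) return reply(401, { message: 'bad project' });
    if (url.endsWith('/account/sessions/email')) {
      const { email, password } = JSON.parse(init.body);
      const user = users.find((u) => u.email === email && u.password === password);
      if (!user) return reply(401, { message: 'invalid credentials' });
      const secret = `sec${sessions.size + 1}`;
      sessions.set(secret, user.$id);
      const name = `${SESSION_COOKIE_PREFIX}${projectId}`;
      return reply(201, { $id: `sess${sessions.size}`, userId: user.$id },
        { 'set-cookie': `${name}_legacy=${secret}; Path=/; HttpOnly, ${name}=${secret}; Path=/; HttpOnly; SameSite=None` });
    }
    if (url.endsWith('/account/jwt')) {
      const m = /a_session_[^=]+=([^;]+)/.exec(h.Cookie || '');
      const userId = m && sessions.get(m[1]);
      if (!userId) return reply(401, { message: 'no active session' });
      return reply(201, { jwt: `jwt-${userId}-${++jwtCounter}` });
    }
    return reply(404, { message: 'not found' });
  };
}
```

Against a real project you would drop the `fetchImpl` argument (Node 18+ ships `fetch`) and point `cfg.endpoint` at your Appwrite `/v1` URL; the JWT returned by `jwtFor` goes into the `X-Appwrite-JWT` header of server-side calls made on that user's behalf, and the cookie never leaves your API server.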

Screentapper
3 Apr, 2023, 20:50

Thank you, this has been most helpful!

Binyamin
3 Apr, 2023, 22:15

You're welcome
