
[SOLVED] Protection of Homebrew APIs and Authentication of Appwrite

  • Self Hosted
  • Flutter
  • Web
  • Users
手羽先
31 Jul, 2023, 08:59

I'm planning to build a smartphone app using Appwrite and React Native. I'm planning to host the Appwrite server with Docker, but I'm also planning to build a separate API server with Node.js. In doing so, I am thinking of adding authentication protection to the API. Specifically, I want to use Appwrite to log in with a Google or other social networking account on a smartphone, and only people who have logged in can use the API. I would appreciate any specific articles or documentation!

TL;DR
You can protect your API and authenticate users using Appwrite. Use the Appwrite Users API on your server to validate incoming requests with valid session tokens. You can also implement access control by using the Teams API to restrict access based on team membership. Consider using the Appwrite SDK for Node.js.
safwan
31 Jul, 2023, 10:17

The best way I can think of to achieve this would be to use the Appwrite Users API in the API. The Users API can be run only on the server side.

So essentially, the user would log in on the smartphone app and a request is sent to the API, which would run account.get([user_id]).

Reference: https://appwrite.io/docs/server/users?sdk=nodejs-default#usersGet

Make sure you choose the correct version of Appwrite in the docs.

joeyouss
31 Jul, 2023, 10:43

Agreed

joeyouss
31 Jul, 2023, 10:46

Adding to that - on your server, you can validate incoming requests by checking for the presence of valid Appwrite session tokens in the request headers. Make sure to only allow requests from authenticated users with valid session tokens to access the API endpoints.

If you want to implement further access control, you can use Teams API to create teams and manage team membership. This way, you can restrict access to specific API endpoints based on the user's team membership. (which I think you are trying to achieve?) https://appwrite.io/docs/server/teams
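
One way to implement the header check described in the replies above, as an added example that is not part of the thread or Appwrite's own code. It assumes the app sends a short-lived JWT issued by Appwrite as `Authorization: Bearer <jwt>` and that the API server forwards it to Appwrite's REST account endpoint; `ENDPOINT`, `PROJECT_ID`, `resolveUser` and `requireAppwriteUser` are hypothetical names.

```javascript
// Added example, not code from the thread. ENDPOINT, PROJECT_ID and the
// "Authorization: Bearer" convention are assumptions for illustration.
const ENDPOINT = 'https://appwrite.example.com/v1'; // placeholder self-hosted URL
const PROJECT_ID = '<PROJECT_ID>';                  // placeholder project id

// Ask Appwrite who the token belongs to. Returns the user object or null.
// fetchImpl is injectable so the check can be exercised without a network.
async function resolveUser(authorizationHeader, fetchImpl = fetch) {
  const match = /^Bearer ([A-Za-z0-9._-]+)$/.exec(authorizationHeader || '');
  if (!match) return null;                 // missing or malformed header
  let res;
  try {
    res = await fetchImpl(`${ENDPOINT}/account`, {
      headers: { 'X-Appwrite-Project': PROJECT_ID, 'X-Appwrite-JWT': match[1] },
    });
  } catch {
    return null;                           // fail closed if Appwrite is unreachable
  }
  if (!res.ok) return null;                // Appwrite rejected the token
  const user = await res.json();
  // Reject responses without a user id and accounts whose status is false (disabled).
  return user && user.$id && user.status !== false ? user : null;
}

// Express-style middleware: only requests with a token Appwrite accepts go through.
function requireAppwriteUser(fetchImpl = fetch) {
  return async (req, res, next) => {
    const user = await resolveUser(req.headers.authorization, fetchImpl);
    if (!user) {
      res.statusCode = 401;
      return res.end(JSON.stringify({ error: 'unauthenticated' }));
    }
    // Identity comes from Appwrite's answer, never from the request body.
    req.user = { id: user.$id, email: user.email };
    next();
  };
}
```

Mount it with `app.use(requireAppwriteUser())` ahead of the protected routes; handlers then read `req.user.id` rather than trusting a user id sent by the client.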

手羽先
31 Jul, 2023, 14:59

Thank you very much! I will take a look at the documentation.

手羽先
31 Jul, 2023, 15:01

Thank you very much! The supplementary explanation is helpful. I didn't know such an API existed in Appwrite. I will use it as a reference. (Right now I was just trying to control access control by being logged in or not, but I guess one day in the future I will use this API!)

手羽先
31 Jul, 2023, 15:03

[SOLVED] Protection of Homebrew APIs and Authentication of Appwrite
