How to protect APIs for SaaS with an API-first approach?
Let's assume we have a main API backend with business logic and access to a database. We also have a Next.js application (with React Server Components) which acts as a client to this API (without database access). Kinde is connected with the Next.js client. A customer can use this API via our Next.js client or directly. I can create a new M2M application for each user and share the client id and client secret of this application with my customer. Or I can generate an API key instead. Either way, how do I link this application or these API keys to users and get the related user by application id or API key (making a request to Kinde from the auth middleware on the API backend side)? Can I implement it somehow via Kinde? Or must I create a new microservice and add relations between Kinde users and application ids or API keys there?
5 Replies
Hey Alexander, I believe we have already answered this question for you in our Slack Community?
Yes, thank you! What is the preferred way to communicate with the Kinde team - using Slack or Discord? (I see you use a free Slack workspace; it has a 90-day message history limit, so Discord looks like a better place for the community, but I'm not sure and duplicated my questions.)
We are active on both, whatever works for you.
Same problem here.
What is the solution? I don't have Slack 😄
Hi, in my use case I have a Next.js 14 application with route handlers. These route handlers are used by the Next.js pages. Now, I want to expose some of these route handlers to multiple external applications so that they can call the route handlers (or APIs) directly. How can I protect these route handlers?