K
Kinde•9mo ago
AlexanderO

How to protect APIs for SaaS with API-first approach?

Let's assume we have main API backend with business logic and access to database. Also we have Next.js application (with React Server Components) which act as client to this API (without database access). Kinde is connected with Next.js client. Customer can use this API via our Next.js client or directly. I can create new M2M application per each user and share client id and client secret of this application with my customer. Or I can generate API key instead. Anyway, how to link this application or API keys to users and get related user by application id or API key (do request to Kinde from auth middleware on API backend side)?.. Can I implement it somehow via Kinde? Or must I create new microservice and add relations between Kinde users with application ids or API keys there?
5 Replies
onderay
onderay•9mo ago
Hey Alexander, I believe we have already answered this question for you in our Slack Community?
AlexanderO
AlexanderOOP•9mo ago
Yes, thank you! What is preferred way to communicate with Kinde team - using Slack or Discord? (I see you use Free Slack Workspace, it has 90 days message history limits so Discord looks better place for community but I'm not sure and duplicated my questions)
Daniel_Kinde
Daniel_Kinde•9mo ago
We are active on both, whatever works for you.
Tudor
Tudor•9mo ago
same problem here what is the solution? i dont have slack 😄
TJ
TJ•9mo ago
Hi, in my use case I have a Next.js 14 application with route handlers. These route handlers are used by the Next.js pages. Now, I want to expose some of these route handlers to multiple external applications so that they can call the route handlers (or APIs) directly. How can I protect these route handlers?
Want results from more Discord servers?
Add your server