Authenticated Requests

How to perform an authenticated request

An authenticated API request requires an access token. First, a token must be retrieved; it is then passed in the header of the request to the API endpoint that requires authentication.

Xano uses JWE (JSON Web Encryption) authentication tokens, a standard token format. You can read more on the Authentication page.

Xano creates three Authentication endpoints out-of-the-box. Two of them return an authentication token: signup and login. The third requires an authentication token: it gets the user record belonging to "me", the owner of the token. (Note: you can learn more about how to change, enable, and disable authentication settings here.)

The /auth/signup and /auth/login endpoints retrieve a token. Once the token is retrieved, it can be used in the header of the /auth/me endpoint to run the API endpoint and get the user record belonging to the authentication token.

For this example, we are going to sign up a new user and retrieve an authentication token. Then, we are going to pass that authentication token into the header of the /auth/me endpoint, which requires authentication.

First, sign up a new user by entering the required input fields.

In the /auth/signup API endpoint, input the required fields to sign up a new user.

Then, click Run to execute the API endpoint. The response will return the authentication token.

In this example, the response returns the authToken.

Next, copy the authToken. Then paste it into the header of the /auth/me API endpoint, which requires the Authentication token.

In the /auth/me API endpoint, paste the authToken into the header in order to run the endpoint.

If the authentication token is accepted, then the API endpoint will run. In this case, it will return the record that is unique to the user with this authentication token. Think of it like logging in or signing in to an app and looking at your user profile/settings/information.

In this example, the authToken was accepted and the API endpoint ran successfully, returning the user record associated with the authToken.
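The same signup-then-/auth/me flow driven from a script, as an added example that is not Xano's own code. Assumptions: the token is sent as an "Authorization: Bearer" header, the signup fields are name, email and password, and a local stub server with a constructed token and user record stands in for the real instance so the block runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

FAKE_TOKEN = "aaa.bbb.ccc.ddd.eee"  # constructed; five parts like JWE compact form
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxies

class StubApi(BaseHTTPRequestHandler):
    """Local stand-in for /auth/signup and /auth/me (hypothetical, not Xano)."""
    def _send(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def do_POST(self):  # the stub treats every POST as /auth/signup
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._send(200, {"authToken": FAKE_TOKEN})
    def do_GET(self):  # /auth/me: only the exact issued token is accepted
        if self.headers.get("Authorization") == "Bearer " + FAKE_TOKEN:
            self._send(200, {"id": 1, "email": "user@example.com"})
        else:
            self._send(401, {"message": "Unauthorized"})
    def log_message(self, *args): pass  # keep request lines out of the output

def call(url, token=None, payload=None):
    """POST JSON when payload is given, else GET; return (status, body)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token  # assumed header scheme
    data = json.dumps(payload).encode() if payload is not None else None
    try:
        with OPENER.open(urllib.request.Request(url, data, headers), timeout=5) as r:
            return r.status, json.load(r)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # e.g. 401 when the token is rejected

def demo():
    with HTTPServer(("127.0.0.1", 0), StubApi) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        try:
            form = {"name": "A", "email": "user@example.com", "password": "constructed"}
            token = call(base + "/auth/signup", payload=form)[1]["authToken"]
            return {"segments": len(token.split(".")), "me": call(base + "/auth/me", token),
                    "no_token": call(base + "/auth/me"), "bad": call(base + "/auth/me", token + "x")}
        finally:
            server.shutdown()
```

Against a real instance, pass the instance's HTTPS base URL to call() and keep the authToken out of logs and error messages.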