Serving protected routes to 3rd parties #2455
Unanswered
renegadejade
asked this question in
Help
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello! First off, let me preface this by saying that I'm brand new to web development so I apologize if this question is trivial, but I can't seem to find an answer via searching.
I would like to allow a subset of my protected API routes to be consumed by a 3rd party application (specifically a Discord bot) that I don't control. While I understand how to use session to protect routes in the browser and how to consume non-protected routes from another application, I can't seem to find an answer to this (or even if it's possible). General flow would be this:
User logs in with NextAuth -> User visits their account page -> generates an API key -> User gives the bot that API key -> Bot sends a request to a protected API route with the key in the headers -> Webapp returns protected data.
Is this a use-case NextAuth (or even Next.js in general) supports? If yes, can you point me in the right direction? If no, what are some alternative options?
Beta Was this translation helpful? Give feedback.
All reactions