
Hey everyone, I’m looking for some guidance on the best way to authenticate frontend requests to my API gateway using Appwrite sessions.
Right now, I'm trying to move away from using Appwrite's JWT tokens (since they expire every 15 minutes and that’s not ideal for scalability) and instead validate user sessions on the backend.
I'm running into some challenges:
I’m not totally sure the best way to retrieve and validate the session ID from the frontend.
I’m also seeing errors like the user missing the "account" scope, but not sure if that’s a setup issue or expected behavior.
If anyone has experience with validating Appwrite sessions on a backend (outside of Appwrite's client SDKs) or designing scalable auth flows with Appwrite, I’d love any advice, best practices, or examples you can share.
Thanks so much!
Recommended threads
- How to delete secured files from bucket?
When deleting a user I want to delete all their data including files. How can I delete secured files in cloud/nodejs?
- How to get OTP code in SMTP email temp...
I don't know how to get the OTP code to show in my custom email template for email authentication using OTP. I have email authentication set up for iOS app, an...
- Expo-web session issue
In web I created a session using oauth. I run the app logged in but closed the terminal and ran again opened the app(I have now 2 running app in different...
