Overview
Deep dive to understand how CakeAuth works under the hood
This section of the documentation walks you through how everything under the CakeAuth platform works and how the pieces interact with each other. This is a deep-dive article. If you're looking to integrate CakeAuth into your apps, head over to the quickstart guides.
CakeAuth provides a secure way to manage your user base. This is achieved by providing two sets of APIs that look alike yet differ sharply in what they are allowed to do: the Frontend API and the Backend API.
Frontend API
The Frontend API, to put it simply, is the set of APIs responsible for user-facing interactions. These APIs were built from the ground up with a deliberately limited set of functions and capabilities and a "Don't trust the client" mindset.
The Frontend API can only affect the single authorized user itself. This means it can only query and/or mutate data for that particular authorized user, for example refreshing or revoking the current user's session, reading the current user's data, and so on.
No administrative task that can impact multiple users (whether in the current environment or in another one) can be performed through the Frontend API.
When you create a new environment, CakeAuth provisions a new dedicated Frontend API endpoint (aka environment host) for your application. It is hosted at:
https://<slug>.test.cakeauth.app: for the development environment
https://<slug>.live.cakeauth.app: for the production environment
The <slug> is a unique subdomain generated for your Frontend API instance. You can find your host in the project settings.
The Frontend API is accessed with your Public Key. This key tells the CakeAuth system which endpoints to interact with. Read more about API Keys here.
Under the hood, your public key is just the base64-encoded value of your environment host.
You can decode it:
This nice little feature was inspired by Clerk, which uses the same approach.
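To make the decoding above concrete, here is an added example (not CakeAuth's or Clerk's own code) that decodes a public key to its environment host and refuses anything that is not a `<slug>.test.cakeauth.app` or `<slug>.live.cakeauth.app` host before building the base URL. It assumes the key is the bare base64 of the host with no prefix and that the slug is a single DNS label; the slug `acme-demo` is constructed for the example.

```javascript
// Added example, not CakeAuth's own code. Decodes a CakeAuth public key back to the
// environment host it encodes and refuses to use it unless it is a well-formed
// CakeAuth host. Assumptions: the key is the plain base64 encoding of the host
// with no prefix, and the slug is a single DNS label (letters, digits, hyphens).
const CAKEAUTH_HOST = /^([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\.(test|live)\.cakeauth\.app$/;
const BASE64 = /^[A-Za-z0-9+/]+={0,2}$/;

function decodePublicKey(publicKey) {
  // Buffer.from silently drops characters it cannot decode, so validate first
  // instead of letting a malformed key turn into a surprising host string.
  if (typeof publicKey !== 'string' || !BASE64.test(publicKey)) {
    return { ok: false, error: 'public key is not valid base64' };
  }
  const host = Buffer.from(publicKey, 'base64').toString('utf8');
  const match = CAKEAUTH_HOST.exec(host);
  // A key that decodes to any other host must be rejected: a client that blindly
  // used it would send sessions and credentials to a host outside CakeAuth.
  if (!match) {
    return { ok: false, error: `decoded host "${host}" is not a CakeAuth environment host` };
  }
  return {
    ok: true,
    host,
    slug: match[1],
    environment: match[2] === 'live' ? 'production' : 'development',
    baseUrl: `https://${host}`,
  };
}

// Reverse direction, handy for tests: build the key for a given host the same way.
function encodePublicKey(host) {
  return Buffer.from(host, 'utf8').toString('base64');
}

// Constructed sample values (the slug is made up for this example).
const SAMPLE_DEV_KEY = encodePublicKey('acme-demo.test.cakeauth.app');
const SAMPLE_PROD_KEY = encodePublicKey('acme-demo.live.cakeauth.app');

console.log(decodePublicKey(SAMPLE_DEV_KEY));
console.log(decodePublicKey(SAMPLE_PROD_KEY));
// A look-alike host that merely contains the CakeAuth suffix is rejected.
console.log(decodePublicKey(encodePublicKey('acme-demo.test.cakeauth.app.example')));
```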
Usage Approach
The Frontend API was designed to be as versatile as possible across scenarios. You can even build your own custom flow manually.
But we highly recommend using our SDK instead of raw-dogging the Frontend API. The SDK (for example, the React SDK) provides common flows and abstractions that you can use directly in your application.
Backend API
But often we need to do some back-office administrative work, or handle our user base from another first-, second-, or even third-party application. These kinds of destructive actions require a more privileged way of interacting.
In this case, those actions are performed via CakeAuth's Backend API. The Backend API provides a set of interfaces you can use to do "administrative work" across your entire environment.
To maintain security, the Backend API should only be used from a secure server-side setting. Unlike the Frontend API, the Backend API requires a Private Key.
This special key allows you to perform actions that alter your data, so keep your private keys safe and never expose them to client-side code!
Usage Approach
The most common use of the Backend API is integrating the CakeAuth platform with your server-side applications. Typically these are API services that handle your primary business logic and also need to know about your users.
You can also interact with the Backend API directly, but we still highly recommend going through our SDKs.