Authentication
Authentication is based on two major parts, user-to-server authentication and server-to-server authentication. Both are based on the same technology but have different purposes. User-to-server is how your users are authenticated when using weavy, and server-to-server is how your server authenticates while fetching data or performing tasks using the Web API. Both use access tokens for authentication.
Server-to-server authentication
To get data and perform tasks against the Web API from your server, the server needs to authenticate itself using an API key. The key can be generated in the management interface for the weavy environment. Using the key as a bearer token, the server can perform tasks such as syncing users from your server to the weavy environment.
User-to-server authentication
The user system for weavy is built on single sign on (SSO) from your user system. That means the users in your system are the base for the authentication. Users are identified by an access token fetched from the weavy environment. Fetching the user access token requires server-to-server authentication, so this must be done on your server.
When an access token is required by weavy to authenticate a user, the frontend client asks you to fetch an access token from your server. If the current user is signed in to your system, your server contacts the weavy environment and returns an access token which can be used for the request from the frontend client to the weavy environment.
So, fetching access tokens for a user requires you to have an endpoint on your server that can fetch signed tokens for authenticated users.
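The flow above as an added example, not Weavy's own code: a minimal token endpoint on your server that refuses anonymous callers, makes the server-to-server call with the API key as a bearer token, and forwards only the user token to the frontend. The environment URL, the token path, the session shape and the "access_token" response field are assumptions and placeholders, not Weavy's actual API.

```python
"""Added example (not Weavy's code): a minimal user-token endpoint on your server."""
import json
import os
import urllib.parse
import urllib.request

# Assumptions, not from the page: environment URL and token path are placeholders.
WEAVY_URL = os.environ.get("WEAVY_URL", "https://weavy-environment.example")
WEAVY_API_KEY = os.environ.get("WEAVY_API_KEY", "PLACEHOLDER_API_KEY")  # server-side only
USER_TOKEN_PATH = "/PLACEHOLDER/user-token-path"  # placeholder for the real endpoint


def build_token_request(user_id: str) -> urllib.request.Request:
    """Server-to-server call: the API key travels as a bearer token, never to the browser."""
    url = f"{WEAVY_URL}{USER_TOKEN_PATH}/{urllib.parse.quote(user_id, safe='')}"
    return urllib.request.Request(
        url,
        method="POST",
        headers={"Authorization": f"Bearer {WEAVY_API_KEY}", "Accept": "application/json"},
    )


def send_request(req: urllib.request.Request):
    """Perform the HTTP call; returns (status, parsed JSON body)."""
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, json.loads(resp.read())


def issue_user_token(session, send=send_request):
    """Handle the frontend client's request for a user access token.

    `session` is your own app's session (assumed shape: dict with "user_id", or None
    when nobody is signed in). `send` is injectable so the flow can be exercised offline.
    Returns (http_status, json_body) for your web framework to emit.
    """
    if not session or not session.get("user_id"):
        return 401, {"error": "not signed in"}  # never mint tokens for anonymous callers
    status, data = send(build_token_request(session["user_id"]))
    if status != 200 or "access_token" not in data:
        return 502, {"error": "token service unavailable"}
    # Forward only the user token; the API key stays on the server.
    return 200, {"access_token": data["access_token"]}
```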
Keep your API keys safe and secure! API keys must never be used in the frontend or sent over an insecure connection, since that would expose the key and break the security model.
Depending on which environment you are using Weavy in, there are different types of approaches to the authentication process. Please select the one that fits your needs best below.