V4 Custom API Token validation

terencejackson8000 · September 2, 2022, 6:56pm

Hello,

is there a way to protect a custom API with an API token generated via the frontend?
I have created the following route for the API:

export default {
  routes: [
    {
      method: 'GET',
      path: '/statistic',
      handler: 'statistic.getAll',
      config: {
        auth: false,
        policies: [],
        middlewares: [],
      },
    },
  ],
};

It works fine, but if I set auth to true I am getting an error and if I am taking it out, I need a user token.
I could not find any information how to set this up with an API token generated in the frontend:

Can you help me how this can be done?

zettabyte918 · September 3, 2022, 11:40pm

it’s a bad idea to trust client side token, don’t

terencejackson8000 · September 4, 2022, 7:26am

I agree to not trust client side tokens. Maybe I have also described it in a wrong way.

Right now, with the current configuration, no token at all is needed to access the api.

What I want to protect the API Endpoint with a token generated by Strapi and without the user logging in.