Xano is one of the fastest way to build a powerful, scalable backend for your app without code. It gives you a scalable server, a flexible database, and a no code API builder that can transform, filter, and integrate with data from anywhere.

To use Xano as your user authentication backend, you'll need:

• A database table to store the user data.

• Three API endpoints, that will be targeted from Bravo to authenticate the users and get user-specific data. The endpoints will be:

  • Login endpoint (POST method). It will receive authentication data (user email and password). In case the user exists in the database, and the credentials are correct, a unique user auth token will be returned. This token will represent the user session, and will be valid for a certain timeframe. Once it expires, the user session will be terminated, and a new token must be requested.

  • Signup endpoint (POST method). It will receive a user email and password, and create a new user in the database, with those credentials.

  • User Info endpoint (GET method). It will receive a user auth token, that must be previously requested targeting the login endpoint. In case the token is valid, it will return information about the specific user related to the token.

Creating a new API group

If you haven't created the user table in the Xano onboarding, you are going to need to do it manually. Here we are going to explain how to do it.

An API group in Xano is a group of API endpoints. Normally, this group contains all the API endpoints related to one application. An API group can interact with one or more database tables.

Let's create a simple API group, containing the three endpoints that we need to authenticate users. To do that, go to the API section in Xano and click on Add API group. Give it a name and press Save.

Xano User Authentication - Add API groupLoom

Now let's create a new database table to store the user data and then the authentication endpoints.

Creating the user table

To create this table, go to the Database section in Xano, and select Add Table. In the pop-up section, we'll select the API group we just created, so the API endpoints we create later will be associated with this database table:

Once the table is created, we need to enable authentication for the table. This means the table will be able to handle all the authentication-related data. We'll do this in the table settings:

Now that the table can handle user authentication, we need to add all the fields related to user data. We must have fields for the user ID (automatically created for us), user email and password, but we can include additional fields if we want. In this example, we'll add also a field for the user name.

We'll make all the fields required, which means they must be included in the API request message sent from Bravo, targeting the API endpoints we'll create later:

Now it's time to add the API endpoints in our API group.

Adding the API endpoints

We'll add the three API endpoints mentioned earlier (login, signup and user info) to complete the authentication flow. These endpoints will interact with the user table we just created, to add and retrieve user information.

Go to the API group we created before. You'll see that it will already contain some API endpoints, which were created when we associated the user table with the API group. These endpoints can perform CRUD operations (create, read, update and delete) against our user table.

However, as this is a special table that will contain authentication data, we must create specific authentication endpoints to handle the process in a secure way. Xano provides a way to add these endpoints very easily. We'll create the login, signup and user info endpoints as shown below:

Testing the endpoints

Once the user table and the endpoints are ready, it's time to test them and make sure everything works as expected.

We'll use Xano's API testing tool to create a new user in the database, then log in with that user and obtain a token, and finally target the user info endpoint with that token.

To create a new user, click on the signup endpoint inside the API group, and use the Run & Debug tool. This will allow us to send test requests against the endpoints:

If the user is created successfully, an authentication token is returned. Now, we'll test the login request, using the credentials for the user we just created:

Copy the Auth Token and let's test the user info endpoint with it. Open the "/auth/me" endpoint and paste the Auth Token into the correspondent field:

It must return the information stored in the database for the user of that Auth Token. Note that you can customise the endpoint settings to return only some fields from the user table.

Now that the backend is ready, you can continue the set up for Custom Authentication.