Custom Authentication with Xano
Follow this guide to configure Xano as the user authentication tool
To configure the authentication API endpoints in Xano, you'll need:
  • A database table to store the user data.
  • Three API endpoints that Bravo will call to authenticate users and get user-specific data. The endpoints will be:
    • Login endpoint (POST method). It receives the authentication data (user email and password). If the user exists in the database and the credentials are correct, it returns a unique user auth token. This token represents the user session and is valid for a certain timeframe. Once it expires, the user session is terminated and a new token must be requested.
    • Signup endpoint (POST method). It receives a user email and password, and creates a new user in the database with those credentials.
    • User Info endpoint (GET method). It receives a user auth token, which must first be requested from the login endpoint. If the token is valid, it returns information about the specific user related to the token.
If you're creating a Xano workspace from scratch, both the user data table and the authentication endpoints will be created for you by default, unless you specify otherwise.
If the table and endpoints are already created, you can skip to this section. If not, we'll explain below how to create them manually.

Creating a new API group

An API group in Xano is a group of API endpoints. Normally, this group contains all the API endpoints related to one application. It can interact with one or more database tables.
In this example, we'll create a simple API group, containing the three endpoints that we need to authenticate users. To do that, go to the API section in Xano and click on Add API group.
Now, we'll have an empty API group. Before creating the authentication endpoints, we'll create a new database table to store the user data.

Creating the user table

To create this table, go to the Database section in Xano, and select Add Table. In the pop-up section, we'll select the API group we just created, so the API endpoints we create later will be associated with this database table.
Once the table is created, we need to enable authentication for the table. This means the table will be able to handle all the authentication-related data. We'll do this in the table settings.
Now that the table can handle user authentication, we need to add all the fields related to user data. We must have fields for the user ID (automatically created for us), user email and password, but we can include additional fields if we want. In this example, we'll also add a field for the user name.
We'll make all the fields required, which means they must be included in the API request message sent from Bravo, targeting the API endpoints we'll create later.
Now that the user table is ready, it's time to add the API endpoints in our API group.

Adding the API endpoints

We'll add the three API endpoints mentioned earlier (login, signup and user info) to complete the authentication flow. These endpoints will interact with the user table we just created, to add and retrieve user information.
Go to the API group we created before. You'll see that it will already contain some API endpoints, which were created when we associated the user table with the API group. These endpoints can perform CRUD operations (create, read, update and delete) against our user table.
However, as this is a special table that will contain authentication data, we must create specific authentication endpoints to handle the process in a secure way. Xano provides a way to add these endpoints very easily. We'll create the login, signup and user info endpoints as shown below.

Testing the endpoints

Once the user table and the endpoints have been created, it's time to test them and make sure everything works as expected!
We'll use Xano's API testing tool to create a new user in the database, then log in with that user and obtain a token, and finally target the user info endpoint with that token.
To create a new user, click on the signup endpoint inside the API group, and use the Run & Debug tool. This will allow us to send test requests against the endpoints.
If the user is created successfully, an authentication token will be created. Now, we'll test the login request, using the credentials for the user we just created.
If we provide the same credentials we did for the signup, we should obtain another authentication token. This time, we'll copy it, as we'll test the user info endpoint with it. To do that, open the endpoint with the /auth/me path (you could set up a different one), and include the token we just copied when sending the debug request.
If the request is set up properly, we should see the information stored in the database for the user we have created. You could customize the endpoint settings to return only some fields from the user table.
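The same signup, login and user info sequence can be scripted, together with the negative cases the manual test does not cover (wrong password, missing token, forged token, and the password field appearing in the user info response). The following is an added example, not code from Bravo or Xano. It assumes a placeholder base URL, the paths /auth/signup and /auth/login, a token returned in an authToken field, and the token sent as an Authorization: Bearer header; only /auth/me comes from this guide.

```javascript
// Added example, not Bravo or Xano code. Assumptions: BASE_URL placeholder,
// /auth/signup and /auth/login paths, "authToken" response field, and the
// "Authorization: Bearer" header. Only /auth/me comes from the guide.
const BASE_URL = "https://YOUR-XANO-INSTANCE.example/api:YOUR-GROUP";

// Send one JSON request and return the status plus parsed body (or null).
async function call(fetchImpl, method, path, { body, token } = {}) {
  const headers = { "Content-Type": "application/json" };
  if (token) headers.Authorization = `Bearer ${token}`;
  const res = await fetchImpl(BASE_URL + path, {
    method,
    headers,
    body: body ? JSON.stringify(body) : undefined,
  });
  const data = await res.json().catch(() => null);
  return { status: res.status, data };
}

// Run the guide's three test steps plus negative cases.
// `user` is { name, email, password }; use a throwaway test account.
async function checkAuthFlow(fetchImpl, user) {
  const { email, password } = user;
  const signup = await call(fetchImpl, "POST", "/auth/signup", { body: user });
  const login = await call(fetchImpl, "POST", "/auth/login", {
    body: { email, password },
  });
  const badLogin = await call(fetchImpl, "POST", "/auth/login", {
    body: { email, password: password + "-wrong" },
  });
  const token = login.data?.authToken;
  const me = await call(fetchImpl, "GET", "/auth/me", { token });
  const anonymous = await call(fetchImpl, "GET", "/auth/me");
  const forged = await call(fetchImpl, "GET", "/auth/me", { token: "not-a-real-token" });

  const rejected = (r) => r.status >= 400 && r.status < 500;
  return {
    signupReturnsToken: typeof signup.data?.authToken === "string",
    loginReturnsToken: typeof token === "string",
    wrongPasswordRejected: rejected(badLogin) && !badLogin.data?.authToken,
    meReturnsSameUser: me.status === 200 && me.data?.email === email,
    meHidesPassword: me.status === 200 && !("password" in (me.data ?? {})),
    meRequiresToken: rejected(anonymous),
    meRejectsForgedToken: rejected(forged),
  };
}
```

On Node 18 or later, call `checkAuthFlow(fetch, { name, email, password })` after setting BASE_URL; every value in the returned object should be `true`.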
Now that the user table and API endpoints are ready, you can create a new API collection in Bravo Studio to complete the authentication flow in your app.