"Payload has transformed the way our clients manage content. It's an indispensable tool for any modern agency."
Microsoft chose Payload to tell the world about AI.
Use Payload Authentication in own web app
In the docs it says: "Payload's Authentication is extremely powerful and gives you everything you need when you go to build a new app or site in a secure and responsible manner."
My question is: How do i check if a users session is valid?
Image i have an application test.com which has a route /login . If a user submits the form provided by this route its makes a post request to the payload cms endpoint /api/{user-collection}/login (hosted on cms.test.com). After that a cookies gets set in the headers if the user provided correct login credentials. So far so clear.
But: How do i check if the session is valid in upcoming requests? If a user routes to test.com/dashboard i have to somehow check in a middleware function if the session is valid but in the docs i can't find an api endpoint to do this (
https://payloadcms.com/docs/rest-api/overview#auth-operations).
Use Payload Authentication in own web app
Ah thanks. Is this endpoint designed for such a use case? I would have expected a /api/[collection-slug]/validate-session endpoint
@1136745585899216998You want the "me" endpoint
Which will return either an active session or a bad request
https://payloadcms.com/docs/authentication/operations#meYes it is
Star
Discord
online
Get dedicated engineering support directly from the Payload team.