Lolo API Auth
Authenticate an HTTP request.
Many API requests may only be performed by authorized users. This function will often be placed between an HTTP trigger and request processing like below:
The function attempts to authenticate events received on the in port. If the event can be authenticated it is routed to
The received event is expected to be an object with a headers property. That in turn is expected to be an object with the properties lolo-api-key and authorization. These properties are either a LoLo API key (which you can generate in your admin panel) or a JWT token (which you get by logging in) respectively. These are used to authenticate the user.
The headers property may also have a lolo-account-id property which, if present, should be a string with a LoLo account ID. This is used to allow the user to access accounts other than their own of which they are a member.
If the event can be authenticated, then a session property is set on the event. The session property holds an object with the following properties:
All properties are strings.
primaryAccountId is the ID of the account the client authenticated as.
accountId is the ID of the account the client is accessing.
role is a string corresponding to the role the user has. (Either
This function neither listens for nor emits any events.
If there is a query property present on the event which has a lolo-api-key property, then the lolo-api-key property may be omitted from the headers object. The same applies to
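A function placed after this one can check the session object described above before acting on it, and mask the credential fields in headers and query before the event is logged. The JavaScript below is an added example, not Lolo's own code; the function names, the role value and every sample value are constructed for illustration.

```javascript
// Added example, not Lolo's code. Event shape follows the description above.
const CREDENTIAL_KEYS = ['lolo-api-key', 'authorization'];

// Return a copy of the event with credentials masked, safe to log.
function redactEvent(event) {
  const mask = (obj) => {
    if (!obj || typeof obj !== 'object') return obj;
    const out = {};
    for (const [key, value] of Object.entries(obj)) {
      out[key] = CREDENTIAL_KEYS.includes(key.toLowerCase()) ? '[redacted]' : value;
    }
    return out;
  };
  return { ...event, headers: mask(event.headers), query: mask(event.query) };
}

// Validate the session set on an authenticated event before trusting it.
function readSession(event) {
  const s = event && event.session;
  if (!s || typeof s !== 'object') throw new Error('unauthenticated event: no session');
  for (const key of ['primaryAccountId', 'accountId', 'role']) {
    if (typeof s[key] !== 'string' || s[key] === '') {
      throw new Error(`malformed session: ${key}`);
    }
  }
  // Flag access to an account other than the one the client authenticated as.
  return { ...s, crossAccount: s.accountId !== s.primaryAccountId };
}

// Hypothetical guard: allowedRoles is supplied by the caller, since the
// role names are not assumed here.
function authorize(event, allowedRoles) {
  const session = readSession(event);
  if (!allowedRoles.includes(session.role)) throw new Error('forbidden: role not allowed');
  return session;
}

// Constructed sample event (all values are placeholders).
const sampleEvent = {
  headers: { 'lolo-api-key': 'constructed-key', 'lolo-account-id': 'acct-constructed-2' },
  query: { 'lolo-api-key': 'constructed-key' },
  session: {
    primaryAccountId: 'acct-constructed-1',
    accountId: 'acct-constructed-2',
    role: 'example-role',
  },
};
```

Logging `redactEvent(event)` instead of the raw event keeps the API key and JWT out of log storage, and the `crossAccount` flag gives an audit hook for requests that used lolo-account-id.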