Authentication

MaskAPI makes it easy to add authentication to your app.
Create multiple independent auth configurations, each tied to its own table, with custom login/signup logic and protected APIs. All setup happens in the UI.


📘 Before You Start

Ensure your project has a Database Connection:

  1. Select your project
  2. Go to the "Settings" tab
  3. Find the "Project Global Configurations" section
  4. Add your database connection string in the "Database Connection" field
  5. Toggle Active Database Authentication on
  6. Click "Save Changes" at the top of the page

Now you’re ready to create authentication configurations.


🧩 How to Create an Authentication Configuration

Create multiple auth configs (e.g. “Admin Panel” → admins table, “Main App” → users table):

  1. Select your project
  2. Go to the Settings tab
  3. Find the Project DB Authentication Configurations section
  4. Click the Create Auth Configuration button
  5. In the General & Database tab, enter a configuration name (e.g. Admin Panel)
  6. Go to the Database Table Configuration section
  7. Enter names for:
    • Table: e.g. admins
    • Primary column: e.g. id
    • Credential column: e.g. email or username
    • Password column: e.g. password
  8. Click Create Configuration, then click Save Changes

Your new auth config appears in the list.


🔐 How to Configure Refresh Tokens

  1. Click Configure on your auth config card
  2. In the General & Database tab, scroll down to Refresh Tokens Management
  3. Toggle Enable Refresh Tokens on
  4. (Optional) Change Refresh Token Expiry (days) if needed
  5. Click Validate to check your refresh_tokens table:
    • Create Table if missing
    • Fix Schema if incomplete
  6. Click Save Changes

A valid refresh_tokens table is required for refresh functionality.


🧪 How to Customize Login & Signup Logic

Each configuration has its own login and signup code.

  1. Click Configure on your auth card
  2. Go to the Authentication tab
  3. Click Login Configuration, edit the code, then Save
  4. Click Signup Configuration, edit the code, then Save

// Example: block inactive users
if (!user.isActive) throw new Error("Inactive account");
return true;

Pre‑built code is provided—customize only if you need extra checks.


🔒 How to Protect APIs with Middleware

You can decide which APIs require authentication per configuration.

  1. Click Configure on your auth card
  2. In the Authentication tab, click Require Authentication APIs
  3. Check the APIs that require middleware protection
  4. Click Save update, then Save Changes

Each API can be protected by only one auth configuration.

Another way to protect an API is from the studio. After you launch the API, a config button appears on the page above the Run buttons; it is shown only when the project has at least one auth config. With it you can choose whether to protect the API and, if you have multiple auth configs, which one to use.


🔌 Use Authentication Endpoints

Required Headers for All Requests:

x-mapi-key: your_project_key
x-mapi-auth-config-id: your_auth_config_id
Content-Type: application/json

Note: Replace your_project_key with your actual project's API key and your_auth_config_id with the ID of the authentication configuration you just set up. You can find the ID in the auth configuration modal, in the general settings section.

Login

POST https://mask.maskapi.dev/api/v1/auth/login
{ "credential": "user@example.com", "password": "password123" }

Signup

POST https://mask.maskapi.dev/api/v1/auth/signup
{ "credential": "new@example.com", "password": "password123", "confirmPassword":"password123", "name": "John" }

Refresh Token

POST https://mask.maskapi.dev/api/v1/auth/refresh
{ "refreshToken": "refresh_token_here..." }

Logout

POST https://mask.maskapi.dev/api/v1/auth/logout
Authorization: Bearer ACCESS_TOKEN
{ "refreshToken": "refresh_token_here..." }

You can find more examples in the authentication config modal, in the API Examples tab.


🚀 How to Call Your Protected APIs

Once APIs are protected, send the JWT accessToken as a Bearer token:

GET https://mask.maskapi.dev/api/v1/protected_api_path
Authorization: Bearer YOUR_ACCESS_TOKEN
x-mapi-key: your_project_key

// JavaScript (fetch)
fetch('https://mask.maskapi.dev/api/v1/protected_api_path', {
  headers: {
    'Authorization': `Bearer ${accessToken}`,
    'x-mapi-key': 'YOUR_PROJECT_KEY',
  }
})
  .then(res => res.json())
  .then(data => console.log(data));
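
The login, protected call, refresh and logout requests above combined into one client, as an added example that is not MaskAPI's own code. It assumes that login and refresh responses are JSON with accessToken and refreshToken fields and that an expired access token makes a protected API return HTTP 401; neither is stated on this page, and createAuthClient is a hypothetical helper name.

```javascript
// Added example, not MaskAPI code; createAuthClient is a hypothetical helper.
// Assumed (not on the page): login/refresh return JSON with `accessToken` and
// `refreshToken`, and an expired access token yields HTTP 401.
const BASE = 'https://mask.maskapi.dev/api/v1';
function createAuthClient({ projectKey, authConfigId, fetchImpl = globalThis.fetch }) {
  let accessToken = null, refreshToken = null;

  // POST to an auth endpoint with the headers required for all auth requests.
  async function postAuth(path, body, extraHeaders = {}) {
    const res = await fetchImpl(`${BASE}/auth/${path}`, {
      method: 'POST',
      headers: {
        'x-mapi-key': projectKey,
        'x-mapi-auth-config-id': authConfigId,
        'Content-Type': 'application/json',
        ...extraHeaders,
      },
      body: JSON.stringify(body),
    });
    if (!res.ok) throw new Error(`auth/${path} failed with HTTP ${res.status}`);
    return res.json();
  }

  function storeTokens(data) {
    accessToken = data.accessToken;
    refreshToken = data.refreshToken || refreshToken; // keep old one if not rotated
  }
  return {
    login: async (credential, password) => storeTokens(await postAuth('login', { credential, password })),
    // Call a protected API; on 401 refresh once and retry once, never loop.
    async request(path, init = {}) {
      const send = () => fetchImpl(`${BASE}/${path}`, {
        ...init,
        headers: { ...init.headers, Authorization: `Bearer ${accessToken}`, 'x-mapi-key': projectKey },
      });
      let res = await send();
      if (res.status === 401 && refreshToken) {
        storeTokens(await postAuth('refresh', { refreshToken }));
        res = await send();
      }
      return res;
    },
    // Call logout, and drop the local tokens even if that call fails.
    async logout() {
      try { await postAuth('logout', { refreshToken }, { Authorization: `Bearer ${accessToken}` }); }
      finally { accessToken = refreshToken = null; }
    },
  };
}
```

Keep both tokens in memory or another store that page scripts cannot read freely, and treat a failed refresh as a signal to send the user back to login.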

That’s it—set up, secure, and consume your APIs with just a few clicks and headers! 🎉