Overview

Authentication configuration allows Sate to access your protected endpoints on behalf of your customers. This enables secure, personalized interactions while maintaining proper authorization controls.

Authentication Types

DevSpace supports both authenticated and unauthenticated functions:
  • Unauthenticated functions: Public endpoints that don’t require user credentials
  • Authenticated functions: Protected endpoints that require customer authentication

Configuration Settings

Set up authentication on the DevSpace platform by providing:
1. Login URL: The endpoint where customers will authenticate
2. Authorization Location: Where the auth token should be placed (header, query, body)
3. Authorization Type: The type of authentication (Bearer, API Key, etc.)
4. Header Configuration: Label and value format for authorization headers

Authentication Flow

Here’s how Sate handles authentication when executing protected functions:
1. Function Execution Request: Sate determines it needs to call an authenticated function to help the customer
2. Authentication Check: If the customer isn’t authenticated, Sate sends them your configured login URL
3. Customer Login: Customer clicks the link and enters their credentials on your platform
4. Token Exchange: Your platform validates credentials and sends authentication data to our callback
5. Function Execution: Sate uses the received token to execute the function on the customer’s behalf

Implementation Requirements

To use authenticated functions, your login endpoint must:

1. Accept State Parameter

Your login URL must accept a state parameter that we’ll include:
https://yourapp.com/login?state=ABC123

2. Implement Callback Integration

After successful authentication, send a POST request to our callback endpoint:

Endpoint: https://api.eusate.com/api/v1/lab/login/callback/

Authentication: You must include your API key in the Authorization header. Get your API key from the platform settings.

Required Headers:
  • Authorization: Bearer YOUR_API_KEY
  • Content-Type: application/json
Required Body Parameters:
  • auth_token: The customer’s authentication token
  • auth_token_expires_at_seconds: Token expiration time (Unix timestamp)
  • state: The state parameter from the original login URL

Security Considerations

Always validate the state parameter to prevent CSRF attacks and ensure tokens are properly scoped to the authenticated user.
Tokens should have appropriate expiration times and be invalidated after use when possible.
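
The callback integration and the state check described above, as an added example that is not part of the platform's own code. The function names, the `session` dict (a stand-in for your server-side session store) and the accepted state format are assumptions; the request is built but not sent.

```python
import hmac
import json
import re
import time
import urllib.request

CALLBACK_URL = "https://api.eusate.com/api/v1/lab/login/callback/"
# Assumption: state is a short URL-safe string like the page's ABC123 sample.
STATE_RE = re.compile(r"[A-Za-z0-9_-]{1,256}")


def capture_state(query_state, session):
    """On GET /login?state=...: validate the state and bind it to this browser session."""
    if not query_state or not STATE_RE.fullmatch(query_state):
        raise ValueError("missing or malformed state")
    session["pending_state"] = query_state


def build_callback(session, submitted_state, auth_token, ttl_seconds, api_key, now=None):
    """After credentials are verified: check the state and build the callback POST."""
    expected = session.pop("pending_state", None)  # single use, so a replay fails
    supplied = (submitted_state or "").encode()
    if expected is None or not hmac.compare_digest(expected.encode(), supplied):
        raise PermissionError("state does not match the one bound to this session")
    issued_at = int(time.time() if now is None else now)
    body = {
        "auth_token": auth_token,  # token issued to the user who just logged in
        "auth_token_expires_at_seconds": issued_at + ttl_seconds,  # Unix timestamp
        "state": expected,
    }
    return urllib.request.Request(
        CALLBACK_URL,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    session = {}  # constructed stand-in for a server-side session store
    capture_state("ABC123", session)
    req = build_callback(session, "ABC123", "constructed-token", 900, "YOUR_API_KEY")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # Send with urllib.request.urlopen(req, timeout=10) once YOUR_API_KEY is real.
```

Here `submitted_state` is the value carried through the login form (for example a hidden field), so a login completed in one browser session cannot be attached to a state issued to another.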