AuthGate Documentation
AuthGate helps you put login, API routing, and browser session security in front of your application without rebuilding those parts from zero.
If you are new to backend or frontend security, start here:
- IAM answers: who is the user?
- API Gateway answers: which backend service should this request reach?
- BFF Gateway answers: how can a browser app stay logged in without storing access tokens in JavaScript?
Beginner tip: start with one public API route. It is the easiest way to see one public URL forwarding traffic to a backend API. Then learn IAM and BFF after the routing idea feels clear.
What AuthGate gives you
| Part | Plain meaning | What you configure |
|---|---|---|
| IAM | Login, users, roles, OAuth2 clients, and issued tokens. | Clients, users, roles, redirect URLs, scopes. |
| API Gateway | One gateway URL in front of your backend services. | Services, routes, route security, API consumers. |
| BFF Gateway | A browser app served through AuthGate with an HttpOnly session cookie. | OAuth2 client binding, frontend app origin, public routes, secure routes. |
Choose your first path
A small mental model
Think about a normal web app:
- The frontend is the page the user sees.
- The backend API returns data, saves changes, and runs business logic.
- The gateway is the front door between the user and the backend.
- The identity system proves who the user is.
AuthGate joins those pieces so your app can route requests, protect routes, and handle login with less custom security code.
What to read next
Last updated on