
Context-appropriate API authentication

appwrite/appwrite
Based on 2 comments

Always use the authentication method appropriate for your API client's execution context. Server-side SDKs should use API key authentication (with `setKey()`) rather than session-based authentication, which is meant for client-side applications.


Why it matters:

  • Server SDKs are designed to work with API keys for secure backend operations
  • Session-based authentication (setSession()) won’t function properly in server contexts
  • Consistent authentication patterns improve maintainability across projects

Example - PHP Server SDK:

```php
<?php
use Appwrite\Client;

$client = (new Client())
    ->setEndpoint('https://<REGION>.cloud.appwrite.io/v1')
    ->setProject('<YOUR_PROJECT_ID>')
    ->setKey('<YOUR_API_KEY>'); // Correct: Using API key for server authentication
    // ->setSession(''); // Incorrect: Session auth doesn't work server-side
```

Example - Kotlin Server SDK:

```kotlin
import io.appwrite.Client

val client = Client()
    .setEndpoint("https://<REGION>.cloud.appwrite.io/v1")
    .setProject("<YOUR_PROJECT_ID>")
    .setKey("<YOUR_API_KEY>") // Correct: Using API key for server authentication
    // .setSession("") // Incorrect: Session auth doesn't work server-side
```
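A review-time check for this rule, as an added example (not Appwrite's code and not part of the original guideline): the Python script below scans PHP or Kotlin server code for `Client()` builder chains and reports any chain that calls `setSession()` or never calls `setKey()`, ignoring commented-out calls. The function names, the messages, the sample snippets, and the rule that a chain runs until the next `Client()` are assumptions made for illustration.

```python
import re

# A quoted string literal OR a // line comment. Strings are tried first, so the
# "//" inside 'https://...' is never mistaken for the start of a comment.
_TOKEN = re.compile(r"""("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|//[^\n]*""")
_CHAIN_START = re.compile(r"\bClient\s*\(\s*\)")
_AUTH_CALL = re.compile(r"(?:->|\.)\s*(setKey|setSession)\s*\(")

MSG_SESSION = "setSession() used on a server-side client"
MSG_NO_KEY = "no setKey() call on a server-side client"

def strip_line_comments(source):
    """Drop // comments but keep string literals and newlines (line numbers stay valid)."""
    return _TOKEN.sub(lambda m: m.group(1) or "", source)

def check_server_client_auth(source):
    """Return (line, message) findings for every Client() builder chain in source."""
    code = strip_line_comments(source)
    starts = [m.start() for m in _CHAIN_START.finditer(code)]
    findings = []
    for i, start in enumerate(starts):
        # Assumption: a chain extends to the next Client() construction or end of file.
        end = starts[i + 1] if i + 1 < len(starts) else len(code)
        calls = {m.group(1) for m in _AUTH_CALL.finditer(code[start:end])}
        line = code.count("\n", 0, start) + 1
        if "setSession" in calls:
            findings.append((line, MSG_SESSION))
        if "setKey" not in calls:
            findings.append((line, MSG_NO_KEY))
    return findings

# Constructed sample inputs: the guideline's PHP snippet and a Kotlin counter-example.
GOOD_PHP = """$client = (new Client())
    ->setEndpoint('https://<REGION>.cloud.appwrite.io/v1')
    ->setProject('<YOUR_PROJECT_ID>')
    ->setKey('<YOUR_API_KEY>');
    // ->setSession('');
"""
BAD_KOTLIN = """val client = Client()
    .setEndpoint("https://<REGION>.cloud.appwrite.io/v1")
    .setProject("<YOUR_PROJECT_ID>")
    .setSession("<SESSION_SECRET>") // session auth in backend code
"""

if __name__ == "__main__":
    for line, message in check_server_client_auth(GOOD_PHP + BAD_KOTLIN):
        print(f"line {line}: {message}")
```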

Comments Analyzed: 2
Primary Language: Markdown
Category: API
