Skip to main content

Auth hooks

Auth hooks lets you override the default security behaviour on specific routes. If an auth hook route matches a route hook, and no authentication token is present in the headers, the auth function is called as a last resort to allow or dismiss the request. The auth hook function logic calls next() to allow, or response.end() to block a client request.

Use the auth hook to create public routes and custom rules and overrides to fit any use case.

Example auth hook

import app from 'codehooks-js' // Standard JS lib for express style code

// REST API routes
app.get('/specialroute/frags', (req, res) => {
res.end('You have the correct secret header value');

// Auth hook
app.auth('/specialroute/*', (req, res, next) => {
// call some auth function here, e.g. myLookup
myLookup(req.headers['X-challenge'], (err, data) => {
if (err) {
res.status(401); // Unauthorized
} else {
// allow API call

function myLookup(challenge, callback) {
if (challenge === 'SOMESECRET') {
} else {

export default app.init(); // Bind functions to the serverless runtime

See docs for route matching

See docs for middleware functions and the next() function