Skip to main content

Overview

The Twigz API uses Clerk for authentication integrated with Convex for secure, scalable user management. This system supports multiple authentication methods and provides role-based access control for customers, store owners, and administrators.

Authentication Flow

1

User Registration/Login

Users authenticate through Clerk using email, phone, or social providers
2

JWT Token Generation

Clerk generates a secure JWT token for the authenticated user
3

Convex Integration

Token is automatically validated by Convex for API access
4

Role-based Access

API functions check user roles and permissions automatically

Setup Authentication

Frontend Setup (React)

Backend Setup (Convex)

User Roles & Permissions

The system supports three main user roles:

Customer

Permissions: Place orders, manage cart, view own data
Access: Customer functions, public store data

Store Owner

Permissions: Manage store, products, orders, settings
Access: Store functions, own store data, customer orders

Admin

Permissions: Platform management, store approval, analytics
Access: All functions, system-wide data

Protected API Calls

Authentication Patterns

Role-based Component Access

User Registration Flow

Error Handling

Status Code: 401
Status Code: 403
Status Code: 401
Status Code: 403

Security Best Practices

Token Security

Never expose secret keys in client-side code. Use environment variables for all sensitive configuration.

Role Validation

Always validate user roles on both client and server side for security in depth.

Session Management

Implement proper session timeout and refresh mechanisms for long-running applications.

Audit Logging

Log all authentication events and permission changes for security monitoring.
All API functions automatically validate authentication and permissions. You don’t need to manually check authentication in most cases.
Use Clerk’s built-in components for authentication UI to ensure security best practices and consistent user experience.