Tutorials > Protected API Calls

Proceed to the /server/api folder – name a file such as hello.ts is your API endpoint(http://YOUR_DOMAIN_HERE/api/hello)! ✨ ✨ For an extra bit of simplicity, go to the /libs/api.ts helper file (it's like an axios wizard with interceptors).

1. Automatic error messages for common cases such as Please Login , You need to be on paid plan to use this feature etc.

2. Redirecting user to the login page upon 401 error

🍪 Supabase provides authentication support using cookies – it's fully automatic! 🚀 Simply make a standard API call on the front-end:

/app/components/any-component.vue

<template>
  <div>
    ...
      <button @click="makeProtectedHttpCall"></button>
    ...
  </div>
</template>

<script lang="tsx" setup>
import { useAuthStore } from '@/store/useAuthStore';
import apiClient from "@/libs/api";
import config from "@/config";


const supabase = useSupabaseClient()

const isLoading = ref<boolean>(false);

const store = useAuthStore();
const { user } = storeToRefs(store)

const makeProtectedHttpCall = async () => {
  isLoading.value = true;

  if (user) {
    await apiClient.post("/api/protected-api");
  }

  isLoading.value = false;
};
</script>

🔙 On the backend, we grab the session magic and use it to fetch the user from the database. But first things first – configure that database! 🛠️ Your API file is the secret sauce and should have a vibe like this:

/server/api/protected-api.ts

import { serverSupabaseUser } from '#supabase/server';

  export default defineEventHandler(async (event) => {
      try {
          const user = await serverSupabaseUser(event)
  
          // User who are not logged in can't make a purchase
          if (!user) {
              throw createError({ statusCode: 401, statusMessage: "You must be logged in to make a purchase." });
          }
  
          // you can do what you need to do with the authenticated user
      } catch (error) {
          console.error(error);
          throw error;
      }
  });