← All Docs

App Authentication

Adding Auth to Your App

Add user authentication to your Webase app so visitors can register, log in, and have their own personalized experience. Authentication also enables features like tracking who created each record.

One toggle to enable. Webase handles the entire authentication flow for you — registration forms, login pages, password reset, and session management. No coding or third-party services required.

Enabling Authentication

1

Open App Settings

In the Application Editor, navigate to your app's settings panel.

2

Turn On Auth Required

Find the Authentication section and enable the auth_required toggle. When this is on, visitors must log in before they can access your app.

3

Save and Preview

Save your settings. The preview panel will refresh and show the login screen. Your app is now protected — only registered users can access it.

Registration Flow

When authentication is enabled, your app automatically includes a registration page where new users can create an account. The registration form collects:

  • Email address — Used as the unique identifier and for password reset emails.
  • Password — Securely stored with encryption. Users choose their own password during registration.
  • Name — Optional display name shown within the app.

After registering, users are automatically logged in and redirected to the main app.

Login Flow

Returning users see a login page where they enter their email and password. After successful login, they are redirected to the app's home page. Sessions persist so users stay logged in across visits.

The login page also includes links to the registration page (for new users) and the password reset flow (for users who forgot their password).

Password Reset

If a user forgets their password, they can reset it through a simple email-based flow:

  1. The user clicks Forgot password? on the login page.
  2. They enter their email address and submit the form.
  3. A password reset email is sent with a secure, time-limited link.
  4. The user clicks the link and chooses a new password.

Security note: Password reset links expire after a set period for security. If the link has expired, the user can request a new one from the login page.

Created By Tracking

When authentication is enabled, Webase automatically tracks which user created each record in your data models. This is useful for:

  • Personal views — Show users only the records they created (e.g., "My Tasks" or "My Orders").
  • Audit trails — Know who added or modified data in your app.
  • Permissions — Restrict editing to the user who created a record.

The created_by field is added automatically to records. You can reference it in your app's logic by asking the AI in chat, for example: "Only show tasks where created_by matches the logged-in user."

Managing App Users

Once users register for your app, you can view and manage them from the app settings. You can see a list of registered users, their email addresses, and when they joined. For more details, see Managing App Users.

Tips

  • Test the full registration and login flow in the preview panel before sharing your app.
  • Use the password reset flow to verify emails are being sent correctly.
  • Combine authentication with data models to build personalized, multi-user applications.
  • If your app does not need login (e.g., a public portfolio), leave auth_required disabled.