What username/password-based logins does the application use?
Last Updated: March 13, 2019
We use two-step authentication to connect you to both Forest’s server and your Admin API.
The first step is to retrieve your UI configuration. When logging into your account, your credentials are sent to Forest’s server which returns the UI token to authenticate your session.
The second step is to authenticate yourself on your app to have access to your data. Your password is sent to your Admin API, which returns the Data Token signed by the FOREST_AUTH_SECRET you chose. Each of your requests to your Admin API is authenticated with the Data Token.
In a nutshell, your admin uses the UI token to make requests about the UI configuration. Then the Data Token is used to make queries on your Admin API to manage your data. All of our tokens are generated using the JWT standard.
The main advantage of Forest’s architecture is that absolutely no data transits through our servers. The user accesses application data directly from the client and Forest is just deployed as a service to display and interact with the data.