Paywall best practices


Hi
I am trying to implement complex paywall logic for my website content, and wanted to see if anyone had tips for best practices.

I don't think I could use standard authentication on API calls, because I want to allow non-authenticated users to also have access to a specific amount of content per month.

The paywall will operate on a tier basis:


A) Non-authenticated users

  • will be able to read 4 articles a month. I am planning on using their IP to log how many they read.

B) Authenticated users

  1. "lite" users can read more articles, but not all
  2. paying users can read unlimited

Is it possible to set up a call where the user auth token is optional? If they aren't authenticated, I'll check IP. If they are authenticated, I'll check their subscription tier?

Is there a better way to do this or any tips?

Best Answer

  • Ray Deck, Trusted Xano Expert ✭✭✭

    Sure, you can do this. Wrap your authentication logic into a custom function that is easy to distribute among your endpoints. Take no inputs (since it will just check the $http_header environment variable) and return a user object of some kind to be used by the rest of the function stack. Make that the first line of each endpoint. You'll need to manage this yourself, but it's not so bad - I've used this for implementing API key approaches.
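
The optional-token pattern from the answer above, sketched in Python as an added example; it is not part of the thread and not Xano function-stack code. The token format, `SECRET`, the `USERS` table, the lite limit of 20 and all function names are assumptions made for illustration; only the limit of 4 anonymous reads comes from the question.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"                      # assumption: server-side signing key
USERS = {"u1": "lite", "u2": "paid"}                  # constructed user table: id -> tier
LIMITS = {"anonymous": 4, "lite": 20, "paid": None}   # 4 is from the post; 20 is assumed; None = unlimited

class AuthError(Exception):
    """Map to HTTP 401 in the endpoint."""

def _mac(body):
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_token(user_id, ttl, now):
    claims = json.dumps({"sub": user_id, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims).decode()
    return f"{body}.{_mac(body)}"

def resolve_caller(headers, peer_ip, now=None):
    """Run first in every endpoint. The token is optional; a bad token is not."""
    now = time.time() if now is None else now
    auth = headers.get("Authorization")
    if not auth:                                      # no token: meter by IP
        return {"key": f"ip:{peer_ip}", "tier": "anonymous"}
    scheme, _, token = auth.partition(" ")
    body, _, mac = token.partition(".")
    if scheme != "Bearer" or not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        raise AuthError("invalid token")              # reject; never fall back to the anonymous tier
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now or claims["sub"] not in USERS:
        raise AuthError("expired token or unknown user")
    # Tier is read from the server-side record, so a downgrade applies immediately.
    return {"key": f"user:{claims['sub']}", "tier": USERS[claims["sub"]]}

def allow_read(caller, counts, month):
    """Count one article read against the caller's monthly quota."""
    limit = LIMITS[caller["tier"]]
    slot = (caller["key"], month)
    if limit is not None and counts.get(slot, 0) >= limit:
        return False
    counts[slot] = counts.get(slot, 0) + 1
    return True
```

`peer_ip` should be the address your platform reports for the connection, not a value read from a client-supplied header, and `counts` stands in for a database table keyed by caller and month.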
