Most frontend developers don’t want to build authentication systems.
They just want login to work-accurately.
The usual auth problem
To add auth, you’re often told to:
• Stand up a backend
• Choose an auth provider
• Wire redirects and callbacks
• Manage tokens and refresh logic
• Maintain it forever
That’s a lot, especially early on.
What frontend-only auth looks like
A simpler model: 1. Send a magic link to the user 2. Verify the token 3. Receive a session token 4. Use that token to scope data
No passwords. No OAuth dance. No server code.
Example: magic-link login
curl -X POST https://reqres.in/api/app-users/login \
-H "Content-Type: application/json" \
-H "x-api-key: <project_public_key>" \
-d '{"email":"[email protected]","project_id":"<project_id>"}'
Then verify:
curl -X POST https://reqres.in/api/app-users/verify \
-H "Content-Type: application/json" \
-d '{"token":"<magic_token>"}'
Now you have a session_token you can use from the browser.
Scoped data, real behavior
curl https://reqres.in/app/collections/notes/records \
-H "Authorization: Bearer <session_token>"
Each user sees only their own data.
Refresh the page. Data persists.
See it live
The Notes example app shows this flow end-to-end:
https://app.reqres.in/?next=/examples/notes-app
When this approach shines
• Frontend-led MVPs
• QA environments
• Demos and prototypes
• Client-only apps
• Teaching auth concepts
Wrap-up
Frontend-only auth isn’t fake auth.
It’s just auth without unnecessary backend overhead.
Get started here:
https://reqres.in/signup