Authentication is often the moment a frontend project stalls.
OAuth providers, JWT handling, user tables, and email flows quickly turn a simple app into a backend project.
But many teams don't actually need custom auth infrastructure to move forward.
The frontend-only auth pattern
ReqRes supports a frontend-first auth flow using:
- Magic-link login
- Session tokens
- Per-user scoped data
No backend server is required.
Step 1: send a login link
curl -X POST https://reqres.in/api/app-users/login \
-H "x-api-key: YOUR_PUBLIC_PROJECT_KEY" \
-H "Content-Type: application/json" \
-d '{ "email": "[email protected]" }'
Step 2: verify the token
curl -X POST https://reqres.in/api/app-users/verify \
-H "Content-Type: application/json" \
-d '{ "token": "MAGIC_TOKEN_FROM_EMAIL" }'
This returns a session token.
Step 3: read and write user data
curl https://reqres.in/api/collections/notes/records \
-H "Authorization: Bearer SESSION_TOKEN"
Each user only sees their own records.
Why teams choose this approach
This pattern works well for:
- Client-only apps
- Demos and MVPs
- QA environments
- Internal tools
You can see the full flow in action here: https://app.reqres.in/?next=/examples/notes-app