Niftory Docs
Niftory Web3 API

Privileged Authentication

Some operations require more privileged authentication — for example, if any user could invoke the transfer mutation, they would be able to transfer as many NFTs as they wanted to themselves, so we probably only want the application to be able to initiate that operation!
For operations that should only be initiated from the app or app admin's context, we support two forms of privileged authentication.

Backend Authentication

Backend authentication amounts to your application authenticating as itself, instead of in the AppUser context.
Backend authentication allows the App to perform any privileged operation against your application's resources.
For this reason, it's extremely important to only use this kind of authentication in your backend.
To use this kind of auth, authenticate using the OAuth Client Credentials grant. Many OAuth libraries support this.
In the sample app, we do this using openid-client.
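
The Client Credentials grant described above, as an added example written with Node built-ins only; it is not code from Niftory's sample app or from openid-client. `TOKEN_ENDPOINT` is a placeholder, and the function names (`buildTokenRequest`, `createTokenSource`, `sendTokenRequest`) are hypothetical.

```javascript
// Added example, not Niftory's or openid-client's code.
// TOKEN_ENDPOINT is a placeholder; use the token URL of your OAuth provider.
const TOKEN_ENDPOINT = "https://auth.example.test/oauth2/token";

// RFC 6749 §2.3.1: form-encode the id and secret before Basic-encoding them.
function formEncode(s) {
  return encodeURIComponent(s)
    .replace(/%20/g, "+")
    .replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Builds the token request for the Client Credentials grant (RFC 6749 §4.4).
function buildTokenRequest(clientId, clientSecret) {
  // The secret grants app-level privileges, so refuse to run in a browser.
  if (typeof window !== "undefined") throw new Error("backend only");
  if (!clientId || !clientSecret) throw new Error("missing client credentials");
  const basic = Buffer.from(`${formEncode(clientId)}:${formEncode(clientSecret)}`);
  return {
    url: TOKEN_ENDPOINT,
    method: "POST",
    headers: {
      Authorization: `Basic ${basic.toString("base64")}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: new URLSearchParams({ grant_type: "client_credentials" }).toString(),
  };
}

// Default transport: Node 18+ global fetch. Rejects on any non-2xx answer.
async function sendTokenRequest(req) {
  const res = await fetch(req.url, req);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return res.json();
}

// Returns getToken(): keeps the app token in server memory and fetches a
// new one 30 s before expiry. `send` and `now` are injectable for testing.
function createTokenSource(clientId, clientSecret, send = sendTokenRequest, now = Date.now) {
  let cached = null;
  return async function getToken() {
    if (cached && now() < cached.expiresAt - 30_000) return cached.accessToken;
    const tok = await send(buildTokenRequest(clientId, clientSecret));
    if (!tok.access_token || String(tok.token_type).toLowerCase() !== "bearer") {
      throw new Error("unexpected token response");
    }
    cached = { accessToken: tok.access_token, expiresAt: now() + (tok.expires_in || 0) * 1000 };
    return cached.accessToken;
  };
}
```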

Admin Authentication

In some situations, you may want members of your development team to log into your application and perform privileged operations. Most of these operations can be handled in the Admin Portal, but you can also authenticate your team members as AdminUsers instead.
This works exactly like User Authentication, but with the admin scope added to your OAuth configuration.
Admin Authentication will only succeed if the user trying to log in is already a member of your team.