Express integration: /api/auth/session and /sign‑in/email return 404, but auth.api.getSession works
We’re using Better Auth 1.3.7 with Express (Node 20) behind Cloudflare/Railway. Programmatic calls resolve the session correctly (auth.api.getSession({ headers }) → hasUser=true), but the HTTP routes return 404: GET /api/auth/session and POST /api/auth/sign‑in/email. We mount with app.use('/api/auth', toNodeHandler(auth)), trust proxy is set, CORS and body parsers are mounted before the handler, and we’ve verified prefix stripping via logs (handler receives url=/session and url=/sign‑in/email). Admin APIs using the same cookies return 200.
As a temporary unblock we added a small server endpoint for GET /api/auth/session that proxies auth.api.getSession so our SPA guard can proceed. Is there any known configuration nuance or route registration issue in 1.3.7 that could make the HTTP endpoints 404 while the programmatic API succeeds? Any guidance or diagnostics to surface handler-level 404 reasons would be appreciated.
As a temporary unblock we added a small server endpoint for GET /api/auth/session that proxies auth.api.getSession so our SPA guard can proceed. Is there any known configuration nuance or route registration issue in 1.3.7 that could make the HTTP endpoints 404 while the programmatic API succeeds? Any guidance or diagnostics to surface handler-level 404 reasons would be appreciated.
