Best practice for multi-service architecture (Separate Express APIs)
Tags: Express, Next.js, 🤔 Question
Hi everyone!
We are currently using Better-Auth in a decoupled architecture and need some advice on the best practice for scaling to multiple backend services.
Our current Setup:
- Multiple Frontends: Next.js using authClient.
- Public API: Express server acting as the main Better-Auth instance (handling login, session management, etc.).
- Implementation Reference: We followed this approach: better-auth-separate-backend.
The Challenge: We are introducing a second, internal Express API. We want this internal API to also validate sessions using auth.api.getSession().
Our Questions:
1. What is the recommended way to share the auth instance between two separate Express APIs? Should we just point both to the same database with identical auth configurations (same secret, same plugins)? There is no monorepo.
2. Is there a way to use auth.api in the second API without it trying to act as a full Auth handler, but just as a "session reader"?
Additional Issue: MISSING_OR_NULL_ORIGIN
We've encountered a strange behavior with Access Control from the admin plugin. Even though session fetching works, we often get a MISSING_OR_NULL_ORIGIN error unless we manually provide the origin via the referrer header. Has anyone seen this when running Better-Auth behind a proxy or in a separate Express backend?
Would love to hear how you guys handle multi-service auth validation!