Authentication
Overview
The Sema Link API uses two layers of authentication:
- Cloudflare Access — validates that the request is coming from the Sema Link frontend app (service token headers)
- Application auth — validates that the user is logged in (JWT / session token in request headers)
Cloudflare Access (Layer 1)
Every request to the arc subdomain must include:
| Header | Value |
|---|---|
CF-Access-Client-Id | Service token Client ID (from VITE_CF_ACCESS_CLIENT_ID) |
CF-Access-Client-Secret | Service token Client Secret (from VITE_CF_ACCESS_CLIENT_SECRET) |
These are injected by the Axios client automatically. See Zero Trust & API Access for setup details.
Application Auth (Layer 2)
Coming Soon
User authentication (login, session management, JWT handling) documentation will be added here once the auth flow is implemented.