Authentication

Protected Routes

You can protect specific routes in your documentation by adding the protectedRoutes property to your Dev Portal configuration. This property supports two formats: a simple array of path patterns, or an advanced object format with custom authorization logic.

Array Format

The simplest way to protect routes is to provide an array of path patterns. Users must be authenticated to access these routes.


zudoku.config.ts
 
{
  // ...
  protectedRoutes: [
    "/admin/*",     // Protect all routes under /admin
    "/settings",    // Protect the settings page
    "/api/*",       // Protect all API-related routes
    "/private/:id"  // Protect dynamic routes with parameters
  ],
  // ...
}

Advanced Object Format

For more complex authorization logic, you can provide a record mapping route patterns to custom callback functions:


zudoku.config.ts
 
{
  // ...
  protectedRoutes: {
    // Only allow authenticated users with admin role
    "/admin/*": ({ auth, context }) =>
      auth.isAuthenticated && auth.user?.role === "admin",

    // Check if user has enterprise access
    "/api/enterprise/*": ({ auth, context }) =>
      auth.isAuthenticated && auth.user?.subscription === "enterprise",

    // Allow access to beta features based on user attributes
    "/beta/*": ({ auth, context }) =>
      auth.isAuthenticated && auth.user?.betaAccess === true,
  },
  // ...
}

The callback function receives an object with:

auth: The current authentication state including isAuthenticated, user data, and more
context: The Dev Portal context providing access to configuration and utilities

The callback must return a boolean indicating whether the user should have access to the route.

Path Patterns

The path patterns follow the same syntax as React Router:

:param matches a URL segment up to the next /, ?, or #
* matches zero or more characters up to the next /, ?, or #
/* matches all characters after the pattern

For example:

/users/:id matches /users/123 or /users/abc
/docs/* matches /docs/getting-started or /docs/api/reference
/settings matches only the exact path /settings

After logging in, users will be automatically redirected back to the protected route they were trying to access.

Next Steps

Learn about authentication providers supported by Dev Portal - Configure user data display

Edit this page

Last modified on November 17, 2025

Overview Auth0

Array Format

The simplest way to protect routes is to provide an array of path patterns. Users must be authenticated to access these routes.

zudoku.config.ts

{
  // ...
  protectedRoutes: [
    "/admin/*",     // Protect all routes under /admin
    "/settings",    // Protect the settings page
    "/api/*",       // Protect all API-related routes
    "/private/:id"  // Protect dynamic routes with parameters
  ],
  // ...
}

Advanced Object Format

For more complex authorization logic, you can provide a record mapping route patterns to custom callback functions:

zudoku.config.ts

{
  // ...
  protectedRoutes: {
    // Only allow authenticated users with admin role
    "/admin/*": ({ auth, context }) =>
      auth.isAuthenticated && auth.user?.role === "admin",

    // Check if user has enterprise access
    "/api/enterprise/*": ({ auth, context }) =>
      auth.isAuthenticated && auth.user?.subscription === "enterprise",

    // Allow access to beta features based on user attributes
    "/beta/*": ({ auth, context }) =>
      auth.isAuthenticated && auth.user?.betaAccess === true,
  },
  // ...
}

The callback function receives an object with:

auth: The current authentication state including isAuthenticated, user data, and more

context: The Dev Portal context providing access to configuration and utilities

The callback must return a boolean indicating whether the user should have access to the route.

Path Patterns

The path patterns follow the same syntax as React Router:

:param matches a URL segment up to the next /, ?, or #

* matches zero or more characters up to the next /, ?, or #

/* matches all characters after the pattern

For example:

/users/:id matches /users/123 or /users/abc

/docs/* matches /docs/getting-started or /docs/api/reference

/settings matches only the exact path /settings

After logging in, users will be automatically redirected back to the protected route they were trying to access.