Using Identity to authenticate api calls on your own API

Hi!

I’m now making a web app with a back-office using Netlify Identity to authenticate users. In my architecture, I have a Java Spring Boot API where I need to know who is making the request. How can I validate a user authenticated in Netlify Identity on my API?

Thanks for your help!

Fred

Our identity experts are a bit out of pocket right now Fred, but I think we’ll be able to get you some specific advice next week!

Thanks! I appreciate it!

Hi @fredmontet,

My recommendation is to use Netlify functions. If you pass the Netlify Identity JWT in an Authorization header in a request to a Netlify function, we will verify the signature on the token and inject the user’s details into the function context for you to access. You can use this to essentially proxy requests to your Java backend, and in the process authenticate the request. If you have an API key for your Java API then you can also inject it from the function. You can access the user info from inside the function like so:

```javascript
exports.handler = function(event, context, callback) {
  // `user` is only present when the request carried a valid Identity JWT.
  const { user } = context.clientContext;
  if (!user) {
    return callback(null, {
      statusCode: 401,
      body: `woops, you shouldn't be here!`,
    });
  }
  // Put your custom request to your api backend here.
  return callback(null, {
    statusCode: 200,
    body: JSON.stringify(user),
  });
};
```

To get that user info injected you just need to make a request to a Netlify function on your site that includes an Authorization header with a Bearer JWT_TOKEN.

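The proxy step described in the answer above, as an added example that is not part of the original post. The environment variables `BACKEND_URL` and `BACKEND_API_KEY`, the `X-Api-Key` and `X-User-*` header names, and the injectable `fetchImpl` parameter are assumptions made for illustration; the claim fields read from `user` (`sub`, `email`, `app_metadata.roles`) are assumed to be present in the Identity token.

```javascript
// Build the backend request from the verified Identity claims only.
// Client-supplied headers are never copied, so a caller cannot forge X-User-*.
function buildUpstreamRequest(event, user, env) {
  const roles = (user.app_metadata && user.app_metadata.roles) || [];
  const hasBody = !["GET", "HEAD"].includes(event.httpMethod);
  return {
    url: env.BACKEND_URL, // fixed target: the client never chooses the host
    options: {
      method: event.httpMethod,
      headers: {
        "Content-Type": "application/json",
        // The backend must reject any request without this key; otherwise the
        // identity headers below could be forged by calling it directly.
        "X-Api-Key": env.BACKEND_API_KEY,
        "X-User-Id": user.sub,
        "X-User-Email": user.email || "",
        "X-User-Roles": roles.join(","),
      },
      body: hasBody ? event.body : undefined,
    },
  };
}

// fetchImpl is injectable so the handler can be exercised without a network.
function makeHandler(fetchImpl, env) {
  return async function handler(event, context) {
    const { user } = context.clientContext || {};
    if (!user) {
      // No verified token: stop here, nothing is sent to the backend.
      return { statusCode: 401, body: "Unauthorized" };
    }
    const { url, options } = buildUpstreamRequest(event, user, env);
    try {
      const res = await fetchImpl(url, options);
      return { statusCode: res.status, body: await res.text() };
    } catch (err) {
      // Do not leak backend error details to the browser.
      return { statusCode: 502, body: "Backend unavailable" };
    }
  };
}

// Export when loaded as a CommonJS function bundle.
if (typeof exports !== "undefined") {
  exports.handler = makeHandler(globalThis.fetch, process.env);
}
```

On the Spring Boot side, the API then trusts the `X-User-*` headers only on requests that present the shared API key.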

Great, I think it does solve my issue, I’ll give it a go in the next days! Thanks!