Authentication Settings

~~Enable~~General ~~authentication~~Security: ~~for your project to secure API endpoints.~~

Set ~~JWT~~Access ~~secrets~~Token ~~and~~Expiry ~~token~~(e.g., ~~expiry durations~~1h) to control how long JWT access tokens remain valid.
~~Optionally~~Set ~~enable~~Refresh ~~row‑level~~Token ~~security~~Expiry ~~and~~(e.g., ~~configure~~7h) ~~session~~for ~~lengths~~the validity of refresh tokens.

Define Public Routes (comma-separated API paths) that bypass authentication (e.g., /auth/login, /products). Public routes skip JWT checks but still respect business logic.

Tenant Scoping (Row‑Level Security):
- Enable multi-tenant configuration when multiple users belong to ~~suit~~an account or when each user should only see their own records.
- Choose a Tenant Model: select the table representing tenants (e.g., accounts for organization-level apps or users for single-user tenancy).
- Set the Default Tenant Field Name: column to add for scoping (e.g., account_id or user_id).
- Exclude Tables: choose tables that should not receive the tenant column (e.g., products, countries, or other global catalogs).

Email (SMTP) Settings:
- Configure your ~~application~~email ~~requirements.~~provider’s SMTP Host & Port.
- Provide ~~email~~SMTP ~~(SMTP)~~Username ~~settings~~& Password for ~~user~~sending ~~flows~~emails.
- Set a From Address (e.g., no-reply@yourdomain.com) and From Name (e.g., Your App).
- Specify the Base URL where users complete password resets or(e.g., ~~verification emails.~~https://yourapp.com).
- ~~Decide~~Define ifa ~~roles~~Password Reset Path containing a %s placeholder for the token, such as /reset-password?token=%s.
- When users request a reset, the API generates a token and ~~permissions~~sends ~~will~~an beemail ~~used;~~linking ~~otherwise~~{BaseURL}{PasswordResetPath}, ~~endpoints~~replacing ~~can~~%s bewith ~~publicly~~the ~~accessible.~~token.

Once configured, these authentication settings secure your API and enable user authentication flows.