Skip to main content
This guide walks you through configuring email and password authentication for your application using the Prelude Session Management API.

Prerequisites

Before you start, make sure you have:
  • A Prelude account with access to the Session API
  • An Application ID (appID) — see Applications
  • Your Management API key for backend calls

Set up password authentication

Configure password authentication for your application using the Management API from your backend.
1

Create a password configuration

curl -X POST https://api.prelude.dev/v2/session/apps/${APP_ID}/config/login/password \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": true,
    "rate_limit_login_ip": {
      "ttl": 600000000000,
      "limit": 10
    },
    "rate_limit_login_identifier": {
      "ttl": 600000000000,
      "limit": 10
    },
    "password_compliancy": {
      "min_length": 8,
      "max_length": 128,
      "uppercase": 1,
      "lowercase": 1,
      "numbers": 1,
      "symbols": 1
    }
  }'
FieldDescription
hash_methodThe hashing algorithm for passwords. Default argon2id.
rate_limit_login_ipRate limit per IP address. ttl is in nanoseconds (600000000000 = 10 minutes).
rate_limit_login_identifierRate limit per identifier (e.g. email). Same format as above.
password_compliancyPassword requirements your users must meet. Adjust these values to match your security policy.
2

Create a user with an email identifier

Create a user with an email identifier:
curl -X POST https://api.prelude.dev/v2/session/apps/${APP_ID}/users \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "identifiers": [
      {
        "type": "email_address",
        "value": "user@example.com"
      }
    ]
  }'
3

Set the user's password

Set a password for the newly created user:
curl -X PUT https://api.prelude.dev/v2/session/apps/${APP_ID}/users/${USER_ID}/password \
  -H "Authorization: Bearer ${MANAGEMENT_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "Prelude123*"
  }'

What’s next?

Now that your backend is configured, integrate the frontend using the Web Integration guide and login the newly created user.