How to differentiate between Authenticated users und notAuthenticated users in Cloud Code(API service)

Hello Everyone,

I want to make sure that only logged in users have access on my API service,
I read this topic:

and it’s still not clear, how to do it.
I can check if the user has sent user-token, but how can I know it’s a valid user token? and is it the right way to do it?
if you can provide a simple cloud function example on how to authenticate user, I would be thankful.

Thanks for reading,
Pickapp Team

Hi PickApp Team, welcome to our support forum. So that we can provide a more precise answer, could you please let us know if you use (or plan to use) JavaScript, Java or Codeless in Cloud Code?


Hello Mark,

we’ll use Javascript.

but if Java is better we can use it also.


When you add an event handler in Cloud Code, your code will be receiving the req object which represents the incoming API request. This is what it looks like out of the box:

You can see the properties of the req object here:

Once of the properties is req.context.userRoles, which is a collection (array) of the security roles the user has. This will include both system and custom roles. If the user is authenticated, the collection will have the AuthenticatedUser role, otherwise, the collection will have the NotAuthenticatedUser role.

Hope this answers your question.


thank you for answering. we’ve decided to check existence of user-token in API services functions. If this affect security please let us know.

PickApp Team

It should work just fine. Please let us know if you run into any problems with that approach.