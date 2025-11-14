Authentication Protected Routes Copy page

You can protect specific routes in your documentation by adding the protectedRoutes property to your Zudoku configuration. This property supports two formats: a simple array of path patterns, or an advanced object format with custom authorization logic.

Array Format

The simplest way to protect routes is to provide an array of path patterns. Users must be authenticated to access these routes.

zudoku.config.ts zudoku.config.ts { // ... protectedRoutes : [ "/admin/*" , // Protect all routes under /admin "/settings" , // Protect the settings page "/api/*" , // Protect all API-related routes "/private/:id" // Protect dynamic routes with parameters ], // ... }

Advanced Object Format

For more complex authorization logic, you can provide a record mapping route patterns to custom callback functions:

zudoku.config.ts zudoku.config.ts { // ... protectedRoutes : { // Only allow authenticated users with admin role "/admin/*" : ({ auth , context }) => auth.isAuthenticated && auth.user?.role === "admin" , // Check if user has enterprise access "/api/enterprise/*" : ({ auth , context }) => auth.isAuthenticated && auth.user?.subscription === "enterprise" , // Allow access to beta features based on user attributes "/beta/*" : ({ auth , context }) => auth.isAuthenticated && auth.user?.betaAccess === true , }, // ... }

The callback function receives an object with:

auth : The current authentication state including isAuthenticated , user data, and more

: The current authentication state including , data, and more context : The Zudoku context providing access to configuration and utilities

The callback must return a boolean indicating whether the user should have access to the route.

Path Patterns

The path patterns follow the same syntax as React Router:

:param matches a URL segment up to the next / , ? , or #

matches a URL segment up to the next , , or * matches zero or more characters up to the next / , ? , or #

matches zero or more characters up to the next , , or /* matches all characters after the pattern

For example:

/users/:id matches /users/123 or /users/abc

matches or /docs/* matches /docs/getting-started or /docs/api/reference

matches or /settings matches only the exact path /settings

After logging in, users will be automatically redirected back to the protected route they were trying to access.

