SuperTokens provides a User Roles feature which allows you to:

  • Create roles and associate them with an array of permissions.
  • Associate an array of roles to each user.
  • Fetch a list of roles and permissions for a user.
  • Save the roles and permissions in a session to access them efficiently on the frontend and backend APIs.
  • Guard frontend routes and backend APIs to only allow access if a user has a certain role or permission.

When using this recipe, the general flow is as follows:

  1. Create a role and assign permissions to that role
  2. Assign roles to users
  3. Protect your API and website routes by verifying that the user has the correct role and permissions
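
The three steps above, modelled in memory as an added example. This is not SuperTokens SDK code: `RoleStore`, `is_allowed` and the claim keys `roles` and `permissions` are hypothetical names, and the sample roles and user IDs are constructed.

```python
# Added illustration: an in-memory stand-in, not the SuperTokens SDK.
# All class, function and claim names here are hypothetical.

class RoleStore:
    def __init__(self):
        self.role_permissions = {}   # role -> set of permissions
        self.user_roles = {}         # user id -> set of roles

    def create_role(self, role, permissions):
        """Step 1: create a role, or add permissions to an existing one."""
        self.role_permissions.setdefault(role, set()).update(permissions)

    def assign_role(self, user_id, role):
        """Step 2: assign a role to a user; unknown roles are rejected."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user_id, set()).add(role)

    def session_claims(self, user_id):
        """Fetch the user's roles and permissions once, for storage in the session."""
        roles = self.user_roles.get(user_id, set())
        perms = set()
        for r in roles:
            perms |= self.role_permissions[r]
        return {"roles": sorted(roles), "permissions": sorted(perms)}


def is_allowed(claims, role=None, permission=None):
    """Step 3: guard check. Every stated requirement must be present in the
    session claims; a call with no requirement is denied (fail closed)."""
    if role is None and permission is None:
        return False
    if role is not None and role not in claims.get("roles", []):
        return False
    if permission is not None and permission not in claims.get("permissions", []):
        return False
    return True


# Constructed sample data
store = RoleStore()
store.create_role("admin", ["read:all", "write:all", "delete:all"])
store.create_role("viewer", ["read:all"])
store.assign_role("user-1", "admin")
store.assign_role("user-2", "viewer")

ADMIN_SESSION = store.session_claims("user-1")
VIEWER_SESSION = store.session_claims("user-2")
ANON_SESSION = store.session_claims("user-3")  # no roles assigned
```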

[Figure: Basic User Roles Architecture]