Hi,
How do i prevent users from logging into the dashboard/backend/admin area.
I need users to only interact with the frontend I’m building.
Thanks in advance!
Well, Cockpit is a headless CMS so everything happens in the CMS… to create a user that has no access to the CMS either create the user then disable it (the record will still be there, but the account cannot be used) or create the user and give it no permissions (without permissions it will not be able to access anything).
I suppose you can work around that with certain scripts, but perhaps it’s better to create a separate collection for frontend users? That way they have no permissions whatsoever in the CMS itself and it can only be used in the way you want.
How I sort of solved it was to allow only a few IP addresses. created a separate subdomain as a sort of proxy that only allowed requests that started with /api.
Bit of a hack but it works for now.
Are your frontend and backend separated into two different locations?
For me I use Nextjs SSR requests, so that it hides the API calls from users.