The module ships a Nitro middleware that runs on /api/**.
It only checks routeRules.role.
export default defineNuxtConfig({
routeRules: {
'/api/admin/**': { role: 'admin' },
'/api/user/**': { role: ['admin', 'user'] },
},
})
If you want different behavior (e.g. auth on APIs), add your own Nitro middleware.
See also:
/core-concepts/security-caveats