Handling Users auth

Hi, first I would like to thank you for your efforts.
I’ve tested squidex and thinking about using it as a backend for an e-commerce mobile app, but I’ve struggled with how authentication works, with multi level auth

  • public : products, categories…

  • protected: orders, reviews…

  • how can a user signup from Api endpoint assign a role to him and receive a token

  • how to perform a simple login usr/pwd and gets a token for protected endpoints