5a. Session verification in an API call
note
This is applicable for when the frontend calls an API in the /pages/api
folder.
For this guide, we will assume that we want an API /api/user GET
which returns the current session information.
/pages/api/user.ts
#
1) Create a new file - An example of this is here.
supertokens.init
function#
2) Call the Remember that whenever we want to use any functions from the supertokens-node
lib, we have to call the supertokens.init
function at the top of that serverless function file.
pages/api/user.ts
import supertokens from 'supertokens-node'import { backendConfig } from '../../../config/backendConfig'
supertokens.init(backendConfig())
verifySession
session function#
3) Call the pages/api/user.ts
import { superTokensNextWrapper } from 'supertokens-node/nextjs'import { verifySession } from 'supertokens-node/recipe/session/framework/express'import supertokens from 'supertokens-node'import { backendConfig } from '../../../config/backendConfig'import NextCors from "nextjs-cors";
supertokens.init(backendConfig())
export default async function user(req: any, res: any) {
// NOTE: We need CORS only if we are querying the APIs from a different origin await NextCors(req, res, { methods: ["GET", "HEAD", "PUT", "PATCH", "POST", "DELETE"], origin: "<YOUR_WEBSITE_DOMAIN>", credentials: true, allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()], });
// we first verify the session await superTokensNextWrapper( async (next) => { return await verifySession()(req, res, next) }, req, res ) // if it comes here, it means that the session verification was successful
return res.json({ note: 'Fetch any data from your application for authenticated user after using verifySession middleware', userId: req.session.getUserId(), sessionHandle: req.session.getHandle(), userDataInAccessToken: req.session.getAccessTokenPayload(), })}
- If no session exists, the API will return a
401
error to the client. In this case, the codereturn res.json
will not be executed at all. - In case the session does exist,
req.session
can be used to get session information. Learn more about this object here.