Skip to main content

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.


This is a http microservice written in Java and is responsible for interfacing with the db and providing a set of APIs (CDI spec) that the backend SDK can use. The primary purpose of this SDK is to:

  • Reading / writing to the db
  • A lot of the "core" logic
    • For example, how the session tokens are created
    • The db query logic to make sure that there are no duplicate userIds being created
    • Cronjobs to remove sessions that have expired.
    • Storing and verifying password hashes (and salt).
  • Provide an in memory db (using SQLite) that implements the plugin interface - so that users can quickly get started without actually connecting it to a db. This also helps with testing.

For the various operations need to interface with the db, and that is done via an interface called the plugin interface.

Looking for older versions of the documentation?
Which UI do you use?
Custom UI
Pre built UI