Skip to main content
Version: 6.0.X

Overriding APIs

Main interface#

interface APIInterface {    /*     * Refreshs the session if refresh token is found. If no refresh token is found or is expired,    * the default implementation throws an unauthorised error which means the user will need to    * sign-in again.    *     * @method: POST    *     * @params: set it to undefined to disable the API.    *          options: see APIOptions below    */    refreshPOST: undefined | (input: { options: APIOptions }) => Promise<void>;
    /*     * API will be called when user wants to logout from the existing session.    *     * @method: POST    *     * @params: set it to undefined to disable the API.    *          options: see APIOptions below    *     * @returns: "OK" on successfully logging out the user    */    signOutPOST:        | undefined        | ((input: {              options: APIOptions;          }) => Promise<{              status: "OK";          }>);
    /*     * This is a middleware to be used in the API where you want to verify if an active session    * exists or not for the API call. The default implementation will add a session object to request    * if a active session is found in the request.    *     * @params: options: see APIOptions below    *          verifySessionOptions: contain two boolean values: one to enable/disable    *          anti-csrf check and another to state if session requirement is optional    */    verifySession(input: {        verifySessionOptions: VerifySessionOptions | undefined;        options: APIOptions;    }): Promise<void>;}

Supporting Types#

interface APIOptions {    recipeImplementation: RecipeInterface;    config: TypeNormalisedInput;    recipeId: string;    isInServerlessEnv: boolean;    req: Request;    res: Response;    next: NextFunction;}
interface VerifySessionOptions {    antiCsrfCheck?: boolean;    sessionRequired?: boolean;}
Which frontend SDK do you use?
supertokens-web-js / mobile