Add API keys
Overview
The backend SDK uses API keys to authenticate requests to the SuperTokens core.
By default, there is no API key required. If you add an API key to the core's configuration or use the managed service, you need to add it to your backend SDK code. Otherwise, the core throws a 401 error.
Before you start
This page is only relevant if you are self-hosting SuperTokens.
Steps
1. Add the key to the core instance
You can set the API keys by updating the instance parameters.

    docker run \
      -p 3567:3567 \
      -e API_KEYS=<TO_DO> \
      -d registry.supertokens.io/supertokens/supertokens-<db_name>

- The format of the value is key1,key2,key3.
- Keys can only contain =, - and alpha-numeric (including capital) chars.
- Each key must have a minimum length of 20 chars.
- An example value is "Akjnv3iunvsoi8=-sackjij3ncisds,asnj9=asdcda-OI982JIUN=-a". Notice the "," in the string which separates the two keys "Akjnv3iunvsoi8=-sackjij3ncisds" and "asnj9=asdcda-OI982JIUN=-a". In the backend SDK, you should only provide one of these keys.
info
The reason for having multiple API keys is that it allows for key rotation to occur gradually if you have multiple backend systems querying the core.
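The following is an added example, not part of the SuperTokens documentation or SDK: it checks an API_KEYS value against the format rules listed above and builds the two values needed for a gradual rotation. The helper names generateApiKey, parseApiKeys and rotationPlan are hypothetical, and the choice of 32 random bytes encoded as hex is an assumption.

```javascript
const { randomBytes } = require("node:crypto");

const KEY_PATTERN = /^[A-Za-z0-9=-]+$/; // "=", "-" and alpha-numeric only
const MIN_KEY_LENGTH = 20;

// Hypothetical helper: hex output is alpha-numeric, so it always passes the
// character rule; 32 random bytes give a 64-char key.
function generateApiKey(bytes = 32) {
  return randomBytes(bytes).toString("hex");
}

// Hypothetical helper: split an API_KEYS value on "," and list rule violations.
function parseApiKeys(value) {
  const keys = value.split(",");
  const errors = [];
  keys.forEach((key, i) => {
    if (key.length < MIN_KEY_LENGTH) {
      errors.push(`key ${i + 1}: shorter than ${MIN_KEY_LENGTH} chars`);
    }
    if (!KEY_PATTERN.test(key)) {
      errors.push(`key ${i + 1}: contains a disallowed character`);
    }
  });
  return { keys, errors };
}

// Hypothetical helper for gradual rotation: "during" keeps the old key valid
// while backends switch to newKey one by one; "after" drops the old key.
function rotationPlan(currentValue, oldKey, newKey = generateApiKey()) {
  const { keys } = parseApiKeys(currentValue);
  if (!keys.includes(oldKey)) throw new Error("old key is not in API_KEYS");
  const during = [...keys, newKey].join(",");
  const { errors } = parseApiKeys(during);
  if (errors.length > 0) throw new Error(errors.join("; "));
  const after = during.split(",").filter((k) => k !== oldKey).join(",");
  return { newKey, during, after };
}

// Example value taken from this page; the new key is generated at run time.
const pageExample = "Akjnv3iunvsoi8=-sackjij3ncisds,asnj9=asdcda-OI982JIUN=-a";
console.log(parseApiKeys(pageExample).errors); // []
console.log(rotationPlan(pageExample, "Akjnv3iunvsoi8=-sackjij3ncisds").after);
```

Set the core's API_KEYS to the "during" value first, switch each backend's apiKey to the new key, then set API_KEYS to the "after" value.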
2. Add the key to your backend code
Update the backend SDK initialization code to include the API key.

    import supertokens from "supertokens-node";

    supertokens.init({
        supertokens: {
            connectionURI: "<CONNECTION_URI>",
            // One of the keys from the core's API_KEYS value
            apiKey: "<API_KEY>"
        },
        appInfo: {
            apiDomain: "...",
            appName: "...",
            websiteDomain: "..."
        },
        recipeList: []
    });