If you are using a version of our backend SDK that is older than the following versions, please visit the older documentation link here.

4. Session verification / Building your APIs

CAUTION

This guide only applies to scenarios which involve SuperTokens Session Access Tokens.

If you are implementing either Unified Login or Microservice Authentication, features that make use of OAuth2 Access Tokens, please check the separate page that shows you how to verify those types of tokens.

For this guide, we will assume that we want an API /.netlify/functions/user GET which returns the current session information.

1) Create a new file netlify/functions/user.js

An example of this is here.

2) Call the supertokens.init function

Remember that whenever we want to use any functions from the supertokens-node lib, we have to call the supertokens.init function at the top of that serverless function file.

netlify/functions/user.ts
import supertokens from "supertokens-node";
import { getBackendConfig } from "../../config/supertokensConfig";

supertokens.init(getBackendConfig())

3) Use session verification with your API handler

We use the verifySession() middleware to verify a session.

netlify/functions/user.ts
import supertokens from "supertokens-node";
import { verifySession } from "supertokens-node/recipe/session/framework/awsLambda";
import { SessionEvent } from "supertokens-node/framework/awsLambda";
import middy from "@middy/core";
import cors from "@middy/http-cors";
import { getBackendConfig } from "../../config/supertokensConfig";

supertokens.init(getBackendConfig());

// Runs only after verifySession() has attached a verified session to the event.
const handler = async (event: SessionEvent) => {
    return {
        // The function response needs an explicit status code.
        statusCode: 200,
        body: JSON.stringify({
            sessionHandle: event.session!.getHandle(),
            userId: event.session!.getUserId(),
            accessTokenPayload: event.session!.getAccessTokenPayload(),
        }),
    };
};

// verifySession() wraps the handler. The CORS middleware lets the website domain
// send credentialed requests that carry the SuperTokens headers.
module.exports.handler = middy(verifySession(handler)).use(
    cors({
        origin: getBackendConfig().appInfo.websiteDomain,
        credentials: true,
        headers: ["Content-Type", ...supertokens.getAllCORSHeaders()].join(", "),
        methods: "OPTIONS,POST,GET,PUT,DELETE",
    })
).onError(request => {
    throw request.error;
});
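The handler above reads `event.session!` with a non-null assertion, which holds only because the exported function is wrapped in `verifySession()`. The following added example (not code from the SuperTokens docs or SDK) shows that contract with a hypothetical `requireSession` stand-in and constructed token and session values, so it runs without the SDK: the wrapped handler answers 401 when no session is present, while the bare handler fails with a `TypeError`.

```typescript
// Added illustration: requireSession is a hypothetical stand-in for
// verifySession(); the token and session values are constructed.
type Session = { getUserId(): string; getHandle(): string };
type DemoEvent = { headers: { authorization?: string }; session?: Session };
type DemoResponse = { statusCode: number; body: string };
type DemoHandler = (event: DemoEvent) => Promise<DemoResponse>;

// Constructed lookup table standing in for real access token verification.
const KNOWN_SESSIONS = new Map<string, Session>([
    ["constructed-token-1", { getUserId: () => "user-123", getHandle: () => "handle-abc" }],
]);

// The inner handler is called only once a session is attached to the event.
function requireSession(inner: DemoHandler): DemoHandler {
    return async (event) => {
        const token = (event.headers.authorization ?? "").replace(/^Bearer /, "");
        const session = KNOWN_SESSIONS.get(token);
        if (session === undefined) {
            // No valid session: answer 401 and never run the handler.
            return { statusCode: 401, body: JSON.stringify({ message: "unauthorised" }) };
        }
        return inner({ ...event, session });
    };
}

// Same shape as the page's handler, including the non-null assertions.
const userHandler: DemoHandler = async (event) => ({
    statusCode: 200,
    body: JSON.stringify({
        sessionHandle: event.session!.getHandle(),
        userId: event.session!.getUserId(),
    }),
});

// Wrapped export: the only variant that should be deployed.
const protectedHandler = requireSession(userHandler);

// Reports what a handler does with a request that carries no session.
async function withoutSession(h: DemoHandler): Promise<string> {
    try {
        return `status ${(await h({ headers: {} })).statusCode}`;
    } catch (err) {
        return err instanceof TypeError ? "TypeError" : "other error";
    }
}

withoutSession(protectedHandler).then((r) => console.log("wrapped:", r));
withoutSession(userHandler).then((r) => console.log("bare:", r));
```

When reviewing a function file, check that the exported `handler` is the wrapped one; exporting the inner function directly removes the session check entirely.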