Backend Integration

To authenticate your endpoints, you need to send the user’s access token in the headers of the request to your server, and then make a request to Stack’s server API to verify the user’s identity.

Sending requests to your server endpoints

To authenticate your own server endpoints using Stack’s server API, you need to protect your endpoints by sending the user’s access token in the headers of the request.

On the client side, you can retrieve the access token from the user object by calling user.getAuthJson(). This will return an object containing accessToken.

Then, you can call your server endpoint with these two tokens in the headers, like this:

1
const { accessToken } = await user.getAuthJson();
2
const response = await fetch('/api/users/me', {
3
  headers: {
4
    'x-stack-access-token': accessToken,
5
  },
6
  // your other options and parameters
7
});

Authenticating the user on the server endpoints

On the server side, you can extract the access token from the headers of the request and use it to authenticate the user with the REST API.

1
const url = 'https://api.stack-auth.com/api/v1/users/me';
2
const headers = {
3
  'x-stack-access-type': 'server',
4
  'x-stack-project-id': 'generated on the Stack Auth dashboard',
5
  'x-stack-secret-server-key': 'generated on the Stack Auth dashboard',
6
  'x-stack-access-token': 'access token from the headers',
7
};
8
9
fetch(url, { headers })
10
  .then(response => response.json())
11
  .then(data => {
12
    if (data.id) {
13
      console.log('User is authenticated');
14
    } else {
15
      console.log('User is not authenticated');
16
    }
17
  });