Session tokens are short-lived, user-scoped versions of an API key that grant limited access to the Warrant API for a single user. They must be generated server-side but can be shared with client applications to allow them to directly perform access control checks against the Warrant API. This guide will show you how to generate session tokens.
We recommend generating session tokens for your users during your login/sign-up flow. Once a token is generated, you can return it to your client application along with any other information required for your normal login/sign-up process.
Install the Warrant SDK for your server-side language
npm install @warrantdev/warrant-node
The Warrant SDK allows you to easily create session tokens. Two things are required to create valid session tokens for your users:
- A valid API key
userIdof the user the session token is being created for. This is the identifier you assigned for the user in Warrant (we recommend using the same identifier you use in your system).
curl "https://api.warrant.dev/v1/users/d6ed6474-784e-407e-a1ea-42a91d4c52b9/sessions" \ -X POST \ -H "Authorization: ApiKey YOUR_KEY"
const Warrant = require("warrant-node");const warrantClient = new Warrant.Client("api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E="); // NOTE: userId is the id of the authenticated user in your application //// Using async/await//const sessionToken = await warrantClient.createSession(userId); //// Using Promises//warrantClient .createSession(userId) .then((sessionToken) => console.log(sessionToken)) .catch((error) => console.log(error));