Skip to main content

Creating Session Tokens

Session tokens are short-lived, user-scoped versions of an API key that grant limited access to the Warrant API for a single user. They must be generated server-side but can be shared with client applications to allow them to directly perform access control checks against the Warrant API. This guide will show you how to generate session tokens using your preferred server-side Warrant SDK.


We recommend generating session tokens for your users during your login/sign-up flow. Once a token is generated, you can return it to your client application along with any other information required for your normal login/sign-up process.


Install the Warrant SDK for your server-side language


npm install @warrantdev/warrant-node


const Warrant = require("@warrantdev/warrant-node");
const warrantClient = new Warrant.Client("YOUR_KEY");

Usage (ES Modules)

import { Client as WarrantClient } from "@warrantdev/warrant-node";
const warrantClient = new WarrantClient("YOUR_KEY");

Create a Session Token

The Warrant SDK allows you to easily create session tokens. Two things are required to create valid session tokens for your users:

  1. A valid API key
  2. The userId of the user the session token is being created for. This is the identifier you assigned for the user in Warrant (we recommend using the same identifier you use in your system).

Using async/await

// NOTE: userId is the id of the authenticated user in your application
const sessionToken = await warrantClient.createSession(userId);

Using Promises

// NOTE: userId is the id of the authenticated user in your application
.then((sessionToken) => console.log(sessionToken))
.catch((error) => console.log(error));