Skip to main content

Adding API Keys

important

This is only relevant if you are running the SuperTokens core on your own.

API keys are used to authenticate requests made from the backend SDK to the SuperTokens core.

By default, there is no API key required. If you add an API key to the core's config or are using the managed service, then, you will need to add it to your backend SDK code, else the core will throw a 401 error

Step 1) Add to the core#

Adding API keys to the core is as simple as setting an extra param.

 docker run \
-p 3567:3567 \
-e API_KEYS=<TO_DO> \
-d registry.supertokens.io/supertokens/supertokens-<db_name>
  • The format of the value is key1,key2,key3.
  • Keys can only contain =, - and alpha-numeric (including capital) chars.
  • Each key must have a minimum length of 20 chars
  • An example value is "Akjnv3iunvsoi8=-sackjij3ncisds,asnj9=asdcda-OI982JIUN=-a". Notice the , in the string which separates the two keys "Akjnv3iunvsoi8=-sackjij3ncisds" and "asnj9=asdcda-OI982JIUN=-a". In the backend SDK, you should only provide one of these keys.
info

The reason we have multiple API keys is that it allows for key rotation to take place in a gradual way if you have multiple backend systems querying the core.

Step 2) Add to your backend code#

Adding the API key to the backend is as simple as setting the apiKey param in the config.

import supertokens from "supertokens-node";

supertokens.init({
supertokens: {
connectionURI: "<CONNECTION_URI>",
apiKey: "<API_KEY>"
},
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "..."
},
recipeList: []
});
Which frontend SDK do you use?
supertokens-web-js / mobile
supertokens-auth-react