Authorizing requests from your frontend
When your frontend makes a request to your backend, you should include the current user's Privy Auth token in the request, to identify the user making the request and to confirm that they have successfully authenticated with your app.
Getting the auth token
You can get the current user's Privy Auth token as a string using the getAccessToken method from the usePrivy hook.
const { getAccessToken } = usePrivy();
const authToken = await getAccessToken();
For a user who is authenticated, getAccessToken returns a Promise that resolves to a valid auth token for the user. The method will automatically refresh the user's auth token if the token is expired or is close to expiring.
For a user who is not authenticated, getAccessToken returns null.
Attaching the auth token to a request
Once you have the current user's Privy Auth token, you can then include the token in your request's authorization header.
For example, on a fetch request, you might include the user's auth token as follows:
const authToken = await getAccessToken();
const response = await fetch(<your-api-route>, {
  method: <your-request-method>,
  body: <your-request-body>,
  headers: {
    'Authorization': `Bearer ${authToken}`,
    /* Add any other request headers you'd like */
  }
});
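The snippet above sends `Bearer null` when the user is not authenticated, and attaches the token to whatever URL it is given. The wrapper below is an added example, not Privy's own code: it fetches a fresh token per request, refuses to send when there is no token, and only attaches the token to requests for your backend's origin. The names `createAuthorizedFetch`, `API_ORIGIN` and `fetchImpl` are hypothetical, and `https://api.example.com` is a placeholder for your backend.

```javascript
// Added example. getAccessToken is the function returned by usePrivy().
// Assumption: init.headers, when given, is a plain object (not a Headers instance).
const API_ORIGIN = 'https://api.example.com'; // placeholder: your backend's origin

function createAuthorizedFetch(getAccessToken, { apiOrigin = API_ORIGIN, fetchImpl } = {}) {
  const allowedOrigin = new URL(apiOrigin).origin;

  return async function authorizedFetch(path, init = {}) {
    // Resolve the path against the backend origin. Absolute or protocol-relative
    // URLs that point elsewhere are rejected so the token never leaves your API.
    const url = new URL(path, apiOrigin);
    if (url.origin !== allowedOrigin) {
      throw new Error(`Refusing to send auth token to ${url.origin}`);
    }

    // Call getAccessToken on every request: it refreshes an expired or
    // nearly expired token, so a cached copy could be stale.
    const authToken = await getAccessToken();
    if (!authToken) {
      // Unauthenticated user: getAccessToken gave null. Fail here instead of
      // sending the literal header "Bearer null" to the backend.
      throw new Error('User is not authenticated');
    }

    // fetchImpl lets tests inject a stub; browsers use the global fetch.
    const doFetch = fetchImpl || fetch;
    return doFetch(url.toString(), {
      ...init,
      // Spread caller headers first so they cannot override Authorization.
      headers: { ...init.headers, Authorization: `Bearer ${authToken}` },
    });
  };
}
```

In a component, build the wrapper once with `createAuthorizedFetch(getAccessToken)` and call it with a path such as `/api/profile`.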