Optimize your setup
For developers looking to optimize their Privy integration, we have a few key features that should help fine-tune the performance your setup.
Manually set a verification key for authorization
When verifying a Privy access token to authorize requests to your servers, by default the Privy Client’s verifyAuthToken
method will make a request to Privy’s API to fetch the verification key for your app. Although it is cached for reuse, you can avoid this API request entirely by copying your verification key from the Configuration > App settings > Basics tab of the Dashboard, under “Verify with key instead”, and passing it as a second parameter to verifyAuthToken
:
If you ever rotate your verification key, you will have to update this, but this will remove any network dependency on Privy for token verification.
Get user data with identity tokens
If you need access to the user object, especially on the server, this can be a costly action. To remove a network call from your critical path, we recommend using Privy’s identity tokens, which include the latest user information in token form. While it does not have the full user details (it omits certain lesser-needed fields for efficiency), it should have what you need to get started quickly.
Set a custom API URL for HttpOnly
cookies (react-auth
only)
In the case where you have set up and enabled HttpOnly
cookies, on initial page load, the Privy SDK will start by making a call to fetch app details on our default https://auth.privy.io
API URL. In HttpOnly
cookie mode however, all your requests are routed through https://privy.<customdomain.com>
. To avoid an occasional extra call on page load, we recommend explicitly setting the apiUrl
in your PrivyProvider
:
Note that this has a risk - if you are ever disabling HttpOnly
cookies, you will need to remove this in order for your app to continue functioning properly. For a smooth transition, first remove the apiUrl
, deploy, and then disable HttpOnly cookies.
Was this page helpful?