API Keys
Express
Authentication for your Express server
Prerequisites
- Created your Unkey account
- Created an API in the Unkey dashboard
Skip the tutorial
Don’t want to read the tutorial? Click this to get an example ready to test.
Creating an express server
1
Create express application
First run the following:
mkdir unkey-with-express
npm init -y
npm install cors dotenv express ts-node
npm install -D @types/cors @types/express ts-node-dev typescript
Then update your package.json to have the following
"scripts": {
"start": "ts-node ./index.ts",
"build": "tsc",
"serve": "node dist/index.js"
},
2
Install
Now install the @unkey/api
package
npm install @unkey/api
3
Creating the server
Create a file called server.ts
and add the following code
server.ts
import express, { Request, Response, Application } from 'express';
import dotenv from 'dotenv';
import { verifyKey } from '@unkey/api';
//For env File
dotenv.config();
const app: Application = express();
const port = process.env.PORT || 8000;
app.get('/', (req: Request, res: Response) => {
res.send('Welcome to Express & TypeScript Server');
});
// This endpoint is protected by Unkey
app.get('/secret', async (req: Request, res: Response) => {
const authHeader = req.headers["authorization"]
const key = authHeader?.toString().replace("Bearer ", "");
if (!key) {
return res.status(401).send("Unauthorized")
}
const { result, error } = await verifyKey(key);
if (error) {
// This may happen on network errors
// We already retry the request 5 times, but if it still fails, we return an error
console.error(error);
res.status(500);
return res.status(500).send("Internal Server Error")
}
if (!result.valid) {
res.status(401);
return res.status(401).send("Unauthorized")
}
return res.status(200).send(JSON.stringify(result));
})
app.listen(port, () => {
console.log(`Server is listening at http://localhost:${port}`);
});
4
Running the server
npm run start
5
Try it out
Go to https://app.unkey.com and create a new key. Then verify it with our new server:
curl 'http://localhost:8000/secret' \
-H 'Authorization:Bearer <YOUR_KEY>'
It should return {"keyId":"key_id","valid":true,"meta":{},"enabled":true,"permissions":[],"code":"VALID"}
and potentially more information about the key, depending on what you set up in the dashboard.
What is next?
Now that you’ve seen the power of Unkey, check out some resources below to continue your journey.