Prerequisites

Skip the tutorial

Don’t want to read the tutorial? Click this to get an example ready to test.

Creating an express server

1

Create express application

First run the following:
mkdir unkey-with-express
npm init -y
npm install cors dotenv express ts-node
npm install -D @types/cors @types/express ts-node-dev typescript
Then update your package.json to have the following
"scripts": {
    "start": "ts-node ./index.ts",
    "build": "tsc",
    "serve": "node dist/index.js"
  },
2

Install

Now install the @unkey/api package
npm install @unkey/api@0.35
3

Creating the server

Create a file called server.ts and add the following code
server.ts
import express, { Request, Response, Application } from 'express';
import dotenv from 'dotenv';
import { verifyKey } from '@unkey/api';
//For env File
dotenv.config();

const app: Application = express();
const port = process.env.PORT || 8000;
const apiId = process.env.UNKEY_API_ID // copy this from the dashboard

app.get('/', (req: Request, res: Response) => {
  res.send('Welcome to Express & TypeScript Server');
});

// This endpoint is protected by Unkey
app.get('/secret', async (req: Request, res: Response) => {
  const authHeader = req.headers["authorization"]
  const key = authHeader?.toString().replace("Bearer ", "");
  if (!key) {
    return res.status(401).send("Unauthorized")
  }

  const { result, error } = await verifyKey({ key, apiId });
  if (error) {
    // This may happen on network errors
    // We already retry the request 5 times, but if it still fails, we return an error
    console.error(error);
    res.status(500);
    return res.status(500).send("Internal Server Error")
  }

  if (!result.valid) {
    res.status(401);
    return res.status(401).send("Unauthorized")
  }

  return res.status(200).send(JSON.stringify(result));
})
app.listen(port, () => {
  console.log(`Server is listening at http://localhost:${port}`);
});
4

Running the server

npm run start
5

Try it out

Go to https://app.unkey.com and create a new key. Then verify it with our new server:
curl 'http://localhost:8000/secret' \
  -H 'Authorization:Bearer <YOUR_KEY>'
It should return {"keyId":"key_id","valid":true,"meta":{},"enabled":true,"permissions":[],"code":"VALID"} and potentially more information about the key, depending on what you set up in the dashboard.

What is next?

Now that you’ve seen the power of Unkey, check out some resources below to continue your journey.

Discord

Join our Discord to chat with us and the community

Unkey API Reference

Learn about our API that helps you manage APIs, keys, ratelimits and analytical data.

SDKs

Check out our SDKs and how they fit into your Express application.