How to secure your API with Magic

There are a couple of ways to secure your API using Magic:

You can generate a DID token client-side using Magic's getIdToken SDK method, then send it in the Authorization header to your API, where you call our validate(didToken) function on the token generated client-side. By default, tokens are valid for 15 minutes, but you can pass in a lifespan parameter to set any expiration date you'd like.

Manage your own sessions by issuing a cookie/JWT after a user completes a login. Verify the cookie/JWT on each request to the server, since your server will have signed the token with a secret. If you have any questions, please refer to this detailed explanation:

Updated on: 03/12/2021