
Working with multiple API endpoints

To enable use of sessions for multiple API endpoints, you need to use the sessionTokenBackendDomain config on the frontend and cookieDomain on the backend Session.init function call.

important
  • All your API endpoints must have the same top level domain. For example, they can be {"api.example.com", "api2.example.com"}, but they cannot be {"api.example.com", "api.otherdomain.com"}.
  • sessionTokenBackendDomain in the frontend config must match the cookieDomain set in the backend config.

Step 1) Backend config

You need to set the cookieDomain value to the common top level domain. For example, if your API endpoints are {"api.example.com", "api2.example.com", "api3.example.com"}, the common portion of these endpoints is ".example.com" (the leading dot is important). So you would need to set the following:

import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            cookieDomain: ".example.com",
        })
    ]
});

The above will set the session cookies' domain to .example.com, allowing them to be sent to *.example.com.

note

Whilst the cookieDomain can start with a leading ., the value of the apiDomain in appInfo must point to an exact API domain only. This should be the API in which you want to expose all the auth related endpoints (for example /auth/signin).

For local development, you should not set the cookieDomain to an IP address based domain, or .localhost - browsers will reject these cookies. Instead, you should alias localhost to a named domain and use that.

Step 2) Frontend config

You need to set the same value for sessionTokenBackendDomain on the frontend. This will allow the frontend SDK to apply interception and automatic refreshing across all your API calls:

import SuperTokens from "supertokens-auth-react";
import Session from "supertokens-auth-react/recipe/session";

SuperTokens.init({
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            sessionTokenBackendDomain: ".example.com"
        })
    ]
});
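
A pre-deployment check for the two settings above, added here as an example: it is not SuperTokens code, and the helper names (checkSessionDomains, domainMatches) and the sample values are hypothetical. It applies the cookie domain-matching rule to every API endpoint and flags the mismatches and local-development values the notes warn about; it does not consult the Public Suffix List.

```javascript
// Added example: these helpers are hypothetical, not part of the SuperTokens SDK.

// Normalise a cookie domain: trim, lower-case, drop the optional leading dot.
function normalise(domain) {
  return domain.trim().toLowerCase().replace(/^\./, "");
}

// True for IPv4 literals and for anything containing ":" (IPv6 literals).
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// Cookie domain matching: the host equals the domain or is a subdomain of it.
// "badexample.com" does not match ".example.com" because the label boundary is checked.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = normalise(cookieDomain);
  if (isIpAddress(h)) return false;
  return h === d || h.endsWith("." + d);
}

// Returns a list of problems; an empty list means the settings are consistent.
function checkSessionDomains({ cookieDomain, sessionTokenBackendDomain, apiEndpoints }) {
  const problems = [];
  const d = normalise(cookieDomain);
  if (cookieDomain !== sessionTokenBackendDomain) {
    problems.push("sessionTokenBackendDomain must match cookieDomain");
  }
  if (isIpAddress(d) || d === "localhost") {
    problems.push("cookieDomain must be a named domain, not an IP address or .localhost");
  }
  for (const url of apiEndpoints) {
    const host = new URL(url).hostname;
    if (!domainMatches(host, cookieDomain)) {
      problems.push(`${host} is outside ${cookieDomain}`);
    }
  }
  return problems;
}

// Constructed sample input: the third endpoint is on a different domain.
const sample = {
  cookieDomain: ".example.com",
  sessionTokenBackendDomain: ".example.com",
  apiEndpoints: ["https://api.example.com", "https://api2.example.com", "https://api.otherdomain.com"],
};
console.log(checkSessionDomains(sample));
```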