
Backend Integration (5 mins)

  • For framework-specific implementations (like Next.js), please skip this section and go directly to the section with the name of your framework.
  • For serverless deployment, please see the "Serverless Deployment" section instead.

An example implementation can be found here.

1️) Install

npm i -s supertokens-node

2️) Call the init function

At the top of your index.js file, add the following code.

  • Please make sure to replace all the appInfo configuration values with yours.
  • To learn more about filling in appInfo, please visit the appInfo page

let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");
let EmailPassword = require("supertokens-node/recipe/emailpassword");

supertokens.init({
    supertokens: {
        connectionURI: "",
    },
    appInfo: {
        // learn more about this on
        appName: "YOUR APP NAME", // Example: "SuperTokens",
        apiDomain: "YOUR API DOMAIN", // Example: "",
        websiteDomain: "YOUR WEBSITE DOMAIN" // Example: ""
    },
    recipeList: [
        EmailPassword.init(), // initializes signin / sign up features
        Session.init() // initializes session features
    ]
});

We used as the connectionURI above. This is a Core that we are hosting for the demo app.

You can continue to use this for as long as you like, but once you are more committed to using SuperTokens, you will need to run a Core dedicated for your app.

3️) Add the SuperTokens middleware & CORS setup

Add the middleware BEFORE all your routes.

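let express = require("express");
let cors = require("cors");
let supertokens = require("supertokens-node");

supertokens.init({...}) // from step 2

let app = express();

// ...other middlewares
// websiteUrl is your website domain (the websiteDomain value from step 2)
app.use(cors({
    origin: websiteUrl,
    allowedHeaders: ["content-type", ...supertokens.getAllCORSHeaders()],
    credentials: true,
}));

// SuperTokens middleware: must come before your API routes
app.use(supertokens.middleware());

// ...your API routes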

This middleware adds a few APIs (see all the APIs here):

  • POST /auth/signup: For signing up a user with email & password
  • POST /auth/signin: For signing in a user with email & password

/auth/ is a base path that can be changed if you want.

Please set your CORS rules carefully. It is very important to explicitly set a list of allowed origins, if your app allows for it.
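One way to build the explicit allow-list recommended above is to pass a function as the `origin` option of `cors()`. This is an added example, not code from the SuperTokens docs; the origins are constructed placeholders and `normalizeOrigin`, `makeOriginCheck` and `decide` are hypothetical helper names.

```javascript
// Added example: explicit origin allow-list for the cors() `origin` option.
// ALLOWED_ORIGINS holds constructed placeholder values; use your own website origins.
const ALLOWED_ORIGINS = ["https://app.example.com", "https://admin.example.com:8443"];

// Reduce a value to scheme://host[:port], or null if it is not a bare http(s) origin.
function normalizeOrigin(value) {
    let u;
    try {
        u = new URL(value);
    } catch (e) {
        return null; // not a URL at all, e.g. the literal string "null"
    }
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    if (u.pathname !== "/" || u.search || u.hash || u.username || u.password) return null;
    return u.origin; // lowercased host, default port dropped
}

// Build a callback with the (origin, callback) signature that cors() accepts.
function makeOriginCheck(allowedOrigins) {
    const allowed = new Set();
    for (const entry of allowedOrigins) {
        const n = normalizeOrigin(entry);
        if (n === null) throw new Error("invalid allow-list entry: " + entry);
        allowed.add(n);
    }
    return function originCheck(requestOrigin, callback) {
        // Exact match on the normalized origin: no substring, prefix or regex tests.
        const n = requestOrigin ? normalizeOrigin(requestOrigin) : null;
        callback(null, n !== null && allowed.has(n));
    };
}

// Helper for checking a decision without starting a server.
function decide(check, requestOrigin) {
    let allowedResult = false;
    check(requestOrigin, (err, allow) => { allowedResult = allow; });
    return allowedResult;
}

const originCheck = makeOriginCheck(ALLOWED_ORIGINS);
console.log(decide(originCheck, "https://app.example.com"));            // allowed
console.log(decide(originCheck, "https://app.example.com.other.test")); // not allowed

// In step 3: app.use(cors({ origin: originCheck, allowedHeaders: [...], credentials: true }));
```

Because `credentials: true` lets the browser send session cookies cross-origin, every entry in the list should be an origin you control.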

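4️) Add the SuperTokens error handler

Add the errorHandler AFTER all your routes, but BEFORE your own error handler.

// ...your API routes

// SuperTokens error handler: after your routes, before your own error handler
app.use(supertokens.errorHandler());

// your own error handler
app.use((err, req, res, next) => {...});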

5️) Test if sign up is set up correctly

  • Go to the /auth route of your website.
  • Try to sign up.
  • If after signing up, you are redirected to /, everything is set up correctly 😁
  • If not, you can always ask for help via GitHub issues or via our Discord.

6️) Add session verification

For your APIs that require a user to be logged in, use the verifySession middleware:

let Session = require("supertokens-node/recipe/session");

app.post("/like-comment", Session.verifySession(), (req, res) => {
    // verifySession() rejects requests without a valid session before this handler runs
    let userId = req.session.getUserId();
    //....
});

Minimum setup completed 🎉🥳

Congratulations! You now have a fully functional login and session system!

The next step is to set up your SuperTokens core instance.