Getting Started

Overview

The Circle Auth SDK provides a secure and efficient way to handle member authentication and token management in your server-side applications. The SDK exposes four main functions, allowing you to obtain, refresh, and revoke member access tokens securely.

This SDK was designed to be used on the server to avoid exposing your app token.

Do not run or expose any of these authentication functions in your client-side codebase.

Generate your API Token

Your API Token identifies your community within Circle's server and enables you to perform administrative tasks, such as handling community data or generating new content.

Follow this guide for instructions on how to generate your API Token.

IMPORTANT: The API Token should be named `Headless` so Auth APIs can work correctly.

Security Best Practices

  • Keep your API Token secure by not exposing it to the client side. This SDK was designed to run on the server side to protect sensitive information.

  • Securely store members’ access_token and refresh_token and use them for authenticated requests to our Headless Member API.

  • Strengthen the security of the authentication process by refreshing access tokens regularly.

  • Revoke the access_token and refresh_token whenever a member logs out or when the tokens are no longer needed; this can prevent unauthorized access.
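
The storage, refresh, and revoke practices above can be combined in one server-side component. The sketch below is an added example, not code from the SDK: `authClient.refresh`, `authClient.revoke`, the token record shape, and the in-memory `Map` are assumptions standing in for the SDK's own functions and your database.

```javascript
// Server-side only. `authClient.refresh` / `authClient.revoke` are hypothetical
// stand-ins for the SDK's refresh and revoke functions, not its real names.
const nodeCrypto = require("node:crypto");

class MemberTokenVault {
  // key: 32-byte Buffer from a secret manager; skewMs: how early to refresh.
  constructor(authClient, key, skewMs = 60_000) {
    Object.assign(this, { client: authClient, key, skewMs, rows: new Map() });
  }
  // AES-256-GCM at rest: stored rows never contain plaintext tokens.
  seal(record) {
    const iv = nodeCrypto.randomBytes(12);
    const cipher = nodeCrypto.createCipheriv("aes-256-gcm", this.key, iv);
    const body = Buffer.concat([cipher.update(JSON.stringify(record), "utf8"), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64");
  }
  open(sealed) {
    const raw = Buffer.from(sealed, "base64");
    const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", this.key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    return JSON.parse(body.toString("utf8"));
  }
  // tokens: { accessToken, refreshToken, expiresAt (ms epoch) } (assumed shape).
  save(memberId, tokens) {
    this.rows.set(memberId, this.seal(tokens));
  }
  // Returns a usable access token, refreshing first when it is near expiry.
  async accessTokenFor(memberId, now = Date.now()) {
    const sealed = this.rows.get(memberId);
    if (!sealed) throw new Error("no session for member");
    let tokens = this.open(sealed);
    if (tokens.expiresAt - now <= this.skewMs) {
      tokens = await this.client.refresh(tokens.refreshToken);
      this.save(memberId, tokens);
    }
    return tokens.accessToken;
  }
  // Logout: drop the local copy, then revoke both tokens upstream.
  async logout(memberId) {
    const sealed = this.rows.get(memberId);
    if (!sealed) return false;
    this.rows.delete(memberId);
    const { accessToken, refreshToken } = this.open(sealed);
    await this.client.revoke(accessToken, refreshToken);
    return true;
  }
}
```

If the revoke call fails, the error reaches the caller after the local copy is already gone, so log it and retry revocation out of band.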

Error Handling

Calls to the SDK functions will return a Success response with the desired data or an error response if something goes wrong. Ensure errors are handled appropriately by providing the user with meaningful error messages whenever necessary.
