Documentation Index
Fetch the complete documentation index at: https://docs.crossmint.com/llms.txt
Use this file to discover all available pages before exploring further.
Crossmint Auth is designed for staging and moving fast. For production applications,
Crossmint strongly recommends connecting your own authentication provider for full control
over user management. See the Bring Your Own Auth guide. @crossmint/server-sdk.
When initializing the server SDK, configure secure cookie options:
import { createCrossmint, CrossmintAuth } from "@crossmint/server-sdk";
const crossmint = createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY });
const crossmintAuth = CrossmintAuth.from(crossmint, {
cookieOptions: {
httpOnly: true,
secure: true, // Only send cookies over HTTPS
domain: ".yourdomain.com", // Optional: specify cookie domain
},
});
httpOnly flag only applies to the refresh token. The session JWT remains accessible to client-side JavaScript since it’s needed for API calls.
2. Custom Routes Implementation
Token Refresh Route
Next.js (App Router)
Express.js
import { createCrossmint, CrossmintAuth } from "@crossmint/server-sdk";
import { NextRequest } from "next/server";
const crossmint = createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY! });
const crossmintAuth = CrossmintAuth.from(crossmint);
export async function POST(request: NextRequest) {
return await crossmintAuth.handleCustomRefresh(request);
}
import express from "express";
import { createCrossmint, CrossmintAuth } from "@crossmint/server-sdk";
const app = express()
const crossmint = createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY! });
const crossmintAuth = CrossmintAuth.from(crossmint);
app.post("/api/auth/refresh", async (req, res) => {
await crossmintAuth.handleCustomRefresh(req, res);
res.end();
});
Logout Route
Next.js (App Router)
Express.js
import { createCrossmint, CrossmintAuth } from "@crossmint/server-sdk";
import { NextRequest } from "next/server";
const crossmint = createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY! });
const crossmintAuth = CrossmintAuth.from(crossmint);
export async function POST(request: NextRequest) {
return await crossmintAuth.logout(request);
}
import express from "express";
import { createCrossmint, CrossmintAuth } from "@crossmint/server-sdk";
const app = express()
const crossmint = createCrossmint({ apiKey: process.env.SERVER_CROSSMINT_API_KEY! });
const crossmintAuth = CrossmintAuth.from(crossmint);
app.post("/api/auth/logout", async (req, res) => {
await crossmintAuth.logout(req, res);
res.end();
});
3. Client Configuration
Configure the client SDK to use your custom routes:
import { createCrossmint, CrossmintAuth } from "@crossmint/client-sdk-auth";
const crossmint = createCrossmint({ apiKey: process.env.NEXT_PUBLIC_CLIENT_CROSSMINT_API_KEY! });
const crossmintAuth = CrossmintAuth.from(crossmint, {
refreshRoute: "/api/auth/refresh",
logoutRoute: "/api/auth/logout"
});
import { CrossmintProvider, CrossmintAuthProvider } from "@crossmint/client-sdk-react-ui";
<CrossmintProvider apiKey={process.env.NEXT_PUBLIC_CLIENT_CROSSMINT_API_KEY ?? ""}>
<CrossmintAuthProvider
refreshRoute="/api/auth/refresh"
logoutRoute="/api/auth/logout"
>
{children}
</CrossmintAuthProvider>
</CrossmintProvider>
refreshRoute and logoutRoute options.
