|
| 1 | +--- |
| 2 | +title: Access Tokens |
| 3 | +description: Grant to your users, devices, tenant, access to SQLite Cloud database and services. |
| 4 | +category: platform |
| 5 | +status: publish |
| 6 | +slug: access-tokens |
| 7 | +--- |
| 8 | + |
| 9 | +# Access Token API |
| 10 | + |
| 11 | +Access Tokens let backend systems securely grant users, devices, tenants, etc. access to SQLite Cloud database and services (SQLite Sync, Weblite, etc.). These endpoints enable full token lifecycle management: creation, inspection, validation, update, and revocation. All endpoints require authentication. Use an **API Key** or an **Access Token** via the `Authorization` header. |
| 12 | + |
| 13 | +API Documentation can be found in the **Weblite** section in the [Dashboard](https://dashboard.sqlitecloud.io). |
| 14 | + |
| 15 | +--- |
| 16 | + |
| 17 | +In the repository on GitHub [sqlitecloud/examples](https://github.com/sqlitecloud/examples), we created a simple app to demonstrate how to generate and use Access Tokens. |
| 18 | + |
| 19 | +We’ll log in with Google, grab a token, and use it to interact with SQLite Cloud Weblite APIs. Here’s how it works. |
| 20 | + |
| 21 | +## Generate a new Access Token |
| 22 | + |
| 23 | +In the snippet below, we handle the Google Login callback when the user has completed the login on Google. Here, you can exchange the `code` with the Google Access Token and then decide what to do with it as needed. |
| 24 | + |
| 25 | +```typescript |
| 26 | +if (pathname === "/auth/callback") { |
| 27 | + const q = query; |
| 28 | + if (q.state !== STATE || !q.code) { |
| 29 | + return send(res, 400, "Invalid state or missing code"); |
| 30 | + } |
| 31 | + |
| 32 | + try { |
| 33 | + // Exchange code for tokens |
| 34 | + // Store the Google Token in the database |
| 35 | + const googleToken = await getGoogleTokens(q.code as string); |
| 36 | + ... |
| 37 | +``` |
| 38 | +
|
| 39 | +Now we have authenticated the user, we are ready to request SQLite Cloud to create a new SQLite Cloud Access Token to assign to the this user. |
| 40 | +
|
| 41 | +```typescript |
| 42 | +async function getSQLiteCloudToken(userId: string) { |
| 43 | + const payload = { |
| 44 | + name: "test-user-token", // A name for the token, can be anything you want |
| 45 | + userId, |
| 46 | + expiresAt: new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(), // expires in 24 hours |
| 47 | + }; |
| 48 | + |
| 49 | + const res = await fetch(SQLITE_CLOUD_API_TOKENS, { |
| 50 | + method: "POST", |
| 51 | + headers: { |
| 52 | + Authorization: `Bearer ${SQLITE_CLOUD_API_KEY}`, |
| 53 | + "Content-Type": "application/json", |
| 54 | + }, |
| 55 | + body: JSON.stringify(payload), |
| 56 | + }); |
| 57 | + if (!res.ok) { |
| 58 | + throw new Error(`Failed to create SQLite Cloud token: ${res.statusText}`); |
| 59 | + } |
| 60 | + |
| 61 | + return res.json(); |
| 62 | +} |
| 63 | +``` |
| 64 | +
|
| 65 | +In the response JSON, the `data.token` field contains the Access Token. |
| 66 | +
|
| 67 | +Finally, the user is authorized to securely access SQLite Cloud services like the Weblite API to perform a query on the database: |
| 68 | +
|
| 69 | +```typescript |
| 70 | +const res = await fetch(sqliteCloudApiQuery, { |
| 71 | + method: "POST", |
| 72 | + headers: { |
| 73 | + Authorization: "Bearer " + sqliteCloudToken, |
| 74 | + "Content-Type": "application/json", |
| 75 | + }, |
| 76 | + body: JSON.stringify({ |
| 77 | + sql: "USE DATABASE chinook.sqlite;SELECT * FROM artists LIMIT 10;", |
| 78 | + }), |
| 79 | +}); |
| 80 | +... |
| 81 | +``` |
| 82 | +
|
| 83 | +The results depend on the [Row Level Security](https://) you enabled for the tables. |
0 commit comments