The Stytch Node library makes it easy to use the Stytch user infrastructure API in server-side JavaScript applications.
It pairs well with the Stytch Web SDK or your own custom authentication flow.
This library is tested with all current LTS versions of Node - 18, and 20.
npm install stytch
# or
yarn add stytch
You can find your API credentials in the Stytch Dashboard.
This client library supports all of Stytch's live products:
B2C
- Email Magic Links
- Embeddable Magic Links
- OAuth logins
- SMS passcodes
- WhatsApp passcodes
- Email passcodes
- Session Management
- WebAuthn
- User Management
- Time-based one-time passcodes (TOTPs)
- Crypto wallets
- Passwords
B2B
- Organizations
- Members
- RBAC
- Email Magic Links
- OAuth logins
- Session Management
- Single-Sign On
- Discovery
- Passwords
- SMS OTP (MFA)
- M2M
Shared
Create an API client:
const stytch = require("stytch");
// Or as an ES6 module:
// import * as stytch from "stytch";
const client = new stytch.Client({
project_id: "project-live-c60c0abe-c25a-4472-a9ed-320c6667d317",
secret: "secret-live-80JASucyk7z_G8Z-7dVwZVGXL5NT_qGAQ2I=",
});
Send a magic link by email:
client.magicLinks.email
.loginOrCreate({
email: "sandbox@stytch.com",
login_magic_link_url: "https://example.com/authenticate",
signup_magic_link_url: "https://example.com/authenticate",
})
.then((res) => console.log(res))
.catch((err) => console.error(err));
Authenticate the token from the magic link:
client.magicLinks
.authenticate({ token: "DOYoip3rvIMMW5lgItikFK-Ak1CfMsgjuiCyI7uuU94=" })
.then((res) => console.log(res))
.catch((err) => console.error(err));
Create an API client:
const stytch = require("stytch");
// Or as an ES6 module:
// import * as stytch from "stytch";
const client = new stytch.B2BClient({
project_id: "project-live-c60c0abe-c25a-4472-a9ed-320c6667d317",
secret: "secret-live-80JASucyk7z_G8Z-7dVwZVGXL5NT_qGAQ2I=",
});
Create an organization
client.organizations
.create({
organization_name: "Acme Co",
organization_slug: "acme-co",
email_allowed_domains: ["acme.co"],
})
.then((res) => console.log(res))
.catch((err) => console.error(err));
Log the first user into the organization
client.magicLinks
.loginOrSignup({
organization_id: "organization-id-from-create-response-...",
email_address: "admin@acme.co",
})
.then((res) => console.log(res))
.catch((err) => console.error(err));
This package includes TypeScript declarations for the Stytch API.
Request and response types will always follow the format $Vertical$Product$Method(Request|Response)
-
for example the B2BMagicLinksAuthenticateRequest
maps to the B2B
Authenticate Magic Link endpoint, while the
B2CMagicLinksAuthenticateRequest
maps to the B2C Authenticate Magic Link endpoint.
Stytch errors always include an error_type
field you can use to identify them:
client.magicLinks
.authenticate({ token: "not-a-token!" })
.then((res) => console.log(res))
.catch((err) => {
if (err.error_type === "invalid_token") {
console.log("Whoops! Try again?");
}
});
Learn more about errors in the docs.
The Stytch client uses undici, the Node fetch implementation. You can pass a custom undici Dispatcher
to the client for use in requests.
For example, you can enable HTTPS Keep-Alive to avoid the cost of establishing a new connection with the Stytch servers on every request.
const dispatcher = new undici.Agent({
keepAliveTimeout: 6e6, // 10 minutes in MS
keepAliveMaxTimeout: 6e6, // 10 minutes in MS
});
const client = new stytch.Client({
project_id: "project-live-c60c0abe-c25a-4472-a9ed-320c6667d317",
secret: "secret-live-80JASucyk7z_G8Z-7dVwZVGXL5NT_qGAQ2I=",
dispatcher,
});
See example requests and responses for all the endpoints in the Stytch API Reference.
Follow one of the integration guides or start with one of our example apps.
If you've found a bug, open an issue!
If you have questions or want help troubleshooting, join us in Slack or email support@stytch.com.
If you've found a security vulnerability, please follow our responsible disclosure instructions.
See DEVELOPMENT.md
Everyone interacting in the Stytch project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.