Tesseral for Express.js
Add B2B auth support to your Express.js app in just a few lines of code.
Tesseral’s Express SDK lets you add authentication to your Express.js backend.
Getting Started
Install the Tesseral Express SDK by running:
Then, in the file where you create your Express server, apply the requireAuth
middleware:
Replace publishable_key_... with your project’s Publishable Key. You can find
it in the API Keys Settings of the Tesseral Console.
Once you’ve added requireAuth, all HTTP requests to your server will be
authenticated. Inauthentic requests will receive a 401 Unauthorized error
before they reach your route handlers.
Accessing details about the authenticated request
The Tesseral middleware attaches information about the authenticated request
directly to req. Use the helper functions from @tesseral/tesseral-express to
access this data.
Getting the current Organization
To access the Organization the request is for, use organizationId(req):
This is the most common identifier you’ll use in a B2B SaaS application.
Getting the request’s authenticated credentials
Anywhere your code wants to forward along the request’s credentials, use
credentials(req):
Do not log or expose this value. You usually don’t need to use this unless you’re building internal service-to-service calls.
Getting details about the current User
To access extra details about the authenticated User, use
accessTokenClaims(req):
accessTokenClaims returns an AccessTokenClaims, which contains details about
the current Session ID, User, and Organization.
A future version of the Tesseral SDK will add support for API Keys-as-a-Service.
In the future, accessTokenClaims may return an error if the request isn’t from
one of your Users, but instead from one of their API Keys.
We recommend that you use organizationId(req) in the vast majority of your
code; it is almost always the piece of information that B2B SaaS code should
pay attention to. For more details, see B2B Multitenancy.
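One way to act on the recommendation above is to make the Organization ID a required argument of every data lookup. This is an added example, not code from Tesseral or its SDK: INVOICES, findInvoice and makeGetInvoiceHandler are hypothetical names, and orgIdOf stands in for the SDK's organizationId helper, which is assumed here to return the Organization ID as a string.

```javascript
// Added example: tenant-scoped data access keyed by the request's Organization.
// `orgIdOf` is injected; in an app using this SDK you would pass the
// organizationId helper from @tesseral/tesseral-express (assumption: it
// returns the Organization ID as a string).

// Constructed sample data: invoices owned by two different Organizations.
const INVOICES = [
  { id: "inv_1", organizationId: "org_aaa", total: 120 },
  { id: "inv_2", organizationId: "org_bbb", total: 990 },
];

// Every read goes through this function, so the tenant filter cannot be
// forgotten in an individual route handler.
function findInvoice(orgId, invoiceId) {
  if (typeof orgId !== "string" || orgId === "") {
    throw new Error("missing organization id");
  }
  const hit = INVOICES.find(
    (inv) => inv.id === invoiceId && inv.organizationId === orgId
  );
  return hit ?? null;
}

// Route handler factory (hypothetical name). The Organization comes from the
// authenticated request, never from a client-supplied parameter or body field.
function makeGetInvoiceHandler(orgIdOf) {
  return function getInvoice(req, res) {
    const invoice = findInvoice(orgIdOf(req), req.params.invoiceId);
    if (invoice === null) {
      // Same response for "does not exist" and "belongs to another tenant",
      // so the endpoint does not reveal other Organizations' invoice IDs.
      return res.status(404).json({ error: "not found" });
    }
    return res.status(200).json({ id: invoice.id, total: invoice.total });
  };
}
```

In an Express app the handler would be registered after requireAuth, for example as makeGetInvoiceHandler(organizationId) on a route with an :invoiceId parameter.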