Prerequisites

Skip the tutorial

Don’t want to read the tutorial? Click this to get an example ready to test.

Creating an express server

1

Create express application

First run the following:

mkdir unkey-with-express
npm init -y
npm install cors dotenv express ts-node
npm install -D @types/cors @types/express ts-node-dev typescript

Then update your package.json to have the following

"scripts": {
    "start": "ts-node ./index.ts",
    "build": "tsc",
    "serve": "node dist/index.js"
  },
2

Install

Now install the @unkey/api package

npm install @unkey/api
3

Creating the server

Create a file called server.ts and add the following code

server.ts
import express, { Request, Response, Application } from 'express';
import dotenv from 'dotenv';
import { verifyKey } from '@unkey/api';
//For env File
dotenv.config();

const app: Application = express();
const port = process.env.PORT || 8000;
const apiId = process.env.UNKEY_API_ID // copy this from the dashboard

app.get('/', (req: Request, res: Response) => {
  res.send('Welcome to Express & TypeScript Server');
});

// This endpoint is protected by Unkey
app.get('/secret', async (req: Request, res: Response) => {
  const authHeader = req.headers["authorization"]
  const key = authHeader?.toString().replace("Bearer ", "");
  if (!key) {
    return res.status(401).send("Unauthorized")
  }

  const { result, error } = await verifyKey({ key, apiId });
  if (error) {
    // This may happen on network errors
    // We already retry the request 5 times, but if it still fails, we return an error
    console.error(error);
    res.status(500);
    return res.status(500).send("Internal Server Error")
  }

  if (!result.valid) {
    res.status(401);
    return res.status(401).send("Unauthorized")
  }

  return res.status(200).send(JSON.stringify(result));
})
app.listen(port, () => {
  console.log(`Server is listening at http://localhost:${port}`);
});
4

Running the server

npm run start
5

Try it out

Go to https://app.unkey.com and create a new key. Then verify it with our new server:

curl 'http://localhost:8000/secret' \
  -H 'Authorization:Bearer <YOUR_KEY>'

It should return {"keyId":"key_id","valid":true,"meta":{},"enabled":true,"permissions":[],"code":"VALID"} and potentially more information about the key, depending on what you set up in the dashboard.

What is next?

Now that you’ve seen the power of Unkey, check out some resources below to continue your journey.