Introduction
next-api-layer is a production-grade API layer for Next.js applications that use external JWT backends like Laravel, Django, .NET, Go, or Express.
The Problem
When building Next.js applications with an external backend (not Next.js API routes), you face several challenges:
- Token Management: Handling JWT tokens, refresh tokens, and expiration
- Cookie Security: Setting up httpOnly, secure, sameSite cookies properly
- Guest Sessions: Managing anonymous user sessions
- Security: XSS protection, CSRF tokens, rate limiting
- Internationalization: Passing locale headers to the backend
The Solution
next-api-layer solves all of these in a single, well-architected package.
Key Features
- Automatic Token Handling: Validate, refresh, and manage JWT tokens automatically
- Guest Token Support: Seamless anonymous user experience
- XSS Protection: Built-in response sanitization
- CSRF Protection: Configurable CSRF token validation
- Rate Limiting: Protect your proxy from abuse
- Audit Logging: Track all authentication events
- TypeScript First: Full type safety with comprehensive definitions
- Framework Agnostic: Works with any JWT-speaking backend
Quick Example
That's it. Your Next.js app now has a secure, production-ready authentication layer.
Next Steps
- Installation - Get started in minutes
- Quick Start - Build your first authenticated app
- How It Works - Understand the architecture