API Client Configuration
The createApiClient function creates a server-side API client that works seamlessly with the auth proxy. It handles token management, request sanitization, and proper error formatting.
Basic Setup
Using the API Client
In API Routes
Available Methods
Configuration Options
apiBaseUrl
Required - Backend API base URL.
cookies
Required - Must match the cookie names in your auth proxy.
sanitization
XSS protection for response data.
Default Sanitization
By default, all string values in responses are sanitized:
i18n
Automatically append locale to API requests. Works with the x-locale header set by the auth proxy.
When enabled, the API client:
- Reads the x-locale header (set by auth proxy middleware)
- Validates it against the locales array
- Appends ?lang={locale} to all requests
See the i18n documentation for full setup guide.
methodSpoofing
For backends (like Laravel) that don't support PUT/PATCH/DELETE methods natively.
When enabled:
errorMessages
Customize error messages.
timeout
Request timeout in milliseconds.
defaultHeaders
Headers to include in every request.
responseFormat
Expected response format.
Advanced Usage
Custom Headers per Request
Query Parameters
File Uploads
Raw Response
With Refreshed Token
The API client automatically uses refreshed tokens from the proxy:
Full Example
Response Format
All API client methods return a Response object:
Error Handling
Token Priority
The API client uses tokens in this order:
- x-refreshed-token header - If proxy just refreshed the token
- User token cookie - For authenticated requests
- Guest token cookie - For guest requests
This ensures seamless token refresh without race conditions.
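The lookup order above, written out as an added example (this is not the library's own code). The cookie names user_token and guest_token, the helper names, and the lower-cased header object are assumptions made for the illustration; it also assumes the proxy strips any x-refreshed-token header sent by the client before setting its own.

```javascript
// Added illustration of the documented token order; not the library's source.
// Cookie names are hypothetical and must match whatever the auth proxy uses.
const COOKIE_NAMES = { user: 'user_token', guest: 'guest_token' };

// Parse a Cookie request header into a prototype-free map.
function parseCookies(header) {
  const jar = Object.create(null);
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim();
    if (!name) continue;
    try {
      jar[name] = decodeURIComponent(raw);
    } catch {
      jar[name] = raw; // keep undecodable values verbatim
    }
  }
  return jar;
}

// headers: object with lower-cased header names, as Node exposes them.
// Returns { token, source } following the documented order, or null.
function resolveToken(headers, names = COOKIE_NAMES) {
  const get = (key) => {
    const value = headers[key];
    return typeof value === 'string' && value.trim() !== '' ? value.trim() : null;
  };

  // 1. Token the proxy refreshed during this same request.
  const refreshed = get('x-refreshed-token');
  if (refreshed) return { token: refreshed, source: 'refreshed-header' };

  // 2. User cookie, then 3. guest cookie.
  const jar = parseCookies(get('cookie'));
  if (jar[names.user]) return { token: jar[names.user], source: 'user-cookie' };
  if (jar[names.guest]) return { token: jar[names.guest], source: 'guest-cookie' };
  return null;
}

// Constructed request: the browser still sent the expired cookie, while the
// proxy forwarded the token it obtained a moment ago.
const sampleHeaders = {
  'x-refreshed-token': 'new-token',
  cookie: 'user_token=expired-token; guest_token=guest-abc',
};
```

With sampleHeaders the header wins over the stale cookie, which is the case the ordering exists for: the incoming Cookie header cannot reflect a refresh that happened after the browser sent the request.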