API Reference

Complete API reference for all next-api-layer exports.

Server-Side#

createAuthProxy#

Creates a Next.js proxy for handling authentication.

TypeScript

Parameters:

config - AuthProxyConfig object

Returns:

Next.js proxy function

Example:

TypeScript

createApiClient#

Creates a server-side API client for making authenticated requests.

TypeScript

Parameters:

config - ApiClientConfig object

Returns:

ApiClient instance with request methods

Methods:

Method	Signature	Description
`get`	`get(endpoint, options?)`	GET request
`post`	`post(endpoint, body?, options?)`	POST request
`put`	`put(endpoint, body?, options?)`	PUT request
`patch`	`patch(endpoint, body?, options?)`	PATCH request
`delete`	`delete(endpoint, options?)`	DELETE request

Example:

TypeScript

getServerUser#

Fetches the current user on the server side. First checks x-auth-user header (set by proxy) for zero-latency access, falls back to backend validation only if needed.

TypeScript

Parameters:

Option	Type	Default	Description
`userCookie`	`string`	`"userAuthToken"`	Name of the user token cookie
`guestCookie`	`string`	`"guestAuthToken"`	Name of the guest token cookie
`apiBaseUrl`	`string`	`process.env.API_BASE_URL`	Base URL for API requests
`validateEndpoint`	`string`	`"auth/me"`	Endpoint to validate token
`skipHeader`	`boolean`	`false`	Skip header check and always fetch from backend
`isGuestFn`	`(user) => boolean`	checks token_type	Function to check if user is a guest
`parseResponse`	`(response) => TUser`	extracts from data/user	Function to parse API response

Returns: Promise<ServerUserResult<TUser>>

TypeScript

Example:

TypeScript

isAuthenticatedServer#

Lightweight check if user is authenticated. Only checks for cookie presence, doesn't validate with backend.

TypeScript

Parameters:

userCookie - Cookie name to check (default: "userAuthToken")

Returns: Promise<boolean>

Example:

TypeScript

getServerToken#

Get the auth token directly in Server Components.

TypeScript

Parameters:

userCookie - User cookie name (default: "userAuthToken")
guestCookie - Guest cookie name (default: "guestAuthToken")

Returns: Promise<string | null>

Example:

TypeScript

Client-Side#

AuthProvider#

React context provider for authentication state.

TSX

Props:

Prop	Type	Default	Description
`userEndpoint`	`string`	`/api/auth/me`	Endpoint to fetch user data
`loginEndpoint`	`string`	`/api/auth/login`	Endpoint for login requests
`registerEndpoint`	`string`	`/api/auth/register`	Endpoint for registration
`logoutEndpoint`	`string`	`/api/auth/logout`	Endpoint for logout
`logoutRedirect`	`string`	-	Redirect path after logout
`swrConfig`	`SWRConfiguration`	`{}`	SWR options
`isGuestFn`	`(user) => boolean`	checks token_type	Function to check if user is guest
`parseResponse`	`(res) => TUser`	extracts from data/user	Function to parse API response
`onLogin`	`(user) => void`	-	Callback on successful login
`onLogout`	`() => void`	-	Callback on logout
`onError`	`(error) => void`	-	Error callback
`initialUser`	`TUser`	-	Initial user from SSR

useAuth#

Hook to access authentication state and actions.

TypeScript

Returns:

Property	Type	Description
`user`	`TUser \| null`	Current user
`isAuthenticated`	`boolean`	Is authenticated (not guest)
`isGuest`	`boolean`	Is guest session
`isLoading`	`boolean`	Loading state
`error`	`Error \| null`	Auth error
`login`	`(credentials) => Promise<AuthResult>`	Login with credentials
`register`	`(data) => Promise<AuthResult>`	Register new user
`logout`	`() => Promise<void>`	Log out
`refresh`	`() => Promise<void>`	Refresh user data
`mutate`	`() => Promise<void>`	Revalidate user (SWR mutate)

Configuration Types#

AuthProxyConfig#

TypeScript

ApiClientConfig#

TypeScript

CsrfConfig#

TypeScript

RateLimitConfig#

TypeScript

AuditConfig#

TypeScript

Response Types#

ApiResponse#

Standard API response format.

TypeScript

AuthResult#

Result of authentication validation.

TypeScript

TokenInfo#

Token validation result.

TypeScript

Constants#

Default Values#

TypeScript

Error Handling#

AuthError#

TypeScript

API Reference

Complete API reference for all next-api-layer exports.

Server-Side#

createAuthProxy#

Creates a Next.js proxy for handling authentication.

TypeScript

Parameters:

config - AuthProxyConfig object

Returns:

Next.js proxy function

Example:

TypeScript

createApiClient#

Creates a server-side API client for making authenticated requests.

TypeScript

Parameters:

config - ApiClientConfig object

Returns:

ApiClient instance with request methods

Methods:

Method	Signature	Description
`get`	`get(endpoint, options?)`	GET request
`post`	`post(endpoint, body?, options?)`	POST request
`put`	`put(endpoint, body?, options?)`	PUT request
`patch`	`patch(endpoint, body?, options?)`	PATCH request
`delete`	`delete(endpoint, options?)`	DELETE request

Example:

TypeScript

getServerUser#

Fetches the current user on the server side. First checks x-auth-user header (set by proxy) for zero-latency access, falls back to backend validation only if needed.

TypeScript

Parameters:

Option	Type	Default	Description
`userCookie`	`string`	`"userAuthToken"`	Name of the user token cookie
`guestCookie`	`string`	`"guestAuthToken"`	Name of the guest token cookie
`apiBaseUrl`	`string`	`process.env.API_BASE_URL`	Base URL for API requests
`validateEndpoint`	`string`	`"auth/me"`	Endpoint to validate token
`skipHeader`	`boolean`	`false`	Skip header check and always fetch from backend
`isGuestFn`	`(user) => boolean`	checks token_type	Function to check if user is a guest
`parseResponse`	`(response) => TUser`	extracts from data/user	Function to parse API response

Returns: Promise<ServerUserResult<TUser>>

TypeScript

Example:

TypeScript

isAuthenticatedServer#

Lightweight check if user is authenticated. Only checks for cookie presence, doesn't validate with backend.

TypeScript

Parameters:

userCookie - Cookie name to check (default: "userAuthToken")

Returns: Promise<boolean>

Example:

TypeScript

getServerToken#

Get the auth token directly in Server Components.

TypeScript

Parameters:

userCookie - User cookie name (default: "userAuthToken")
guestCookie - Guest cookie name (default: "guestAuthToken")

Returns: Promise<string | null>

Example:

TypeScript

Client-Side#

AuthProvider#

React context provider for authentication state.

TSX

Props:

Prop	Type	Default	Description
`userEndpoint`	`string`	`/api/auth/me`	Endpoint to fetch user data
`loginEndpoint`	`string`	`/api/auth/login`	Endpoint for login requests
`registerEndpoint`	`string`	`/api/auth/register`	Endpoint for registration
`logoutEndpoint`	`string`	`/api/auth/logout`	Endpoint for logout
`logoutRedirect`	`string`	-	Redirect path after logout
`swrConfig`	`SWRConfiguration`	`{}`	SWR options
`isGuestFn`	`(user) => boolean`	checks token_type	Function to check if user is guest
`parseResponse`	`(res) => TUser`	extracts from data/user	Function to parse API response
`onLogin`	`(user) => void`	-	Callback on successful login
`onLogout`	`() => void`	-	Callback on logout
`onError`	`(error) => void`	-	Error callback
`initialUser`	`TUser`	-	Initial user from SSR

useAuth#

Hook to access authentication state and actions.

TypeScript

Returns:

Property	Type	Description
`user`	`TUser \| null`	Current user
`isAuthenticated`	`boolean`	Is authenticated (not guest)
`isGuest`	`boolean`	Is guest session
`isLoading`	`boolean`	Loading state
`error`	`Error \| null`	Auth error
`login`	`(credentials) => Promise<AuthResult>`	Login with credentials
`register`	`(data) => Promise<AuthResult>`	Register new user
`logout`	`() => Promise<void>`	Log out
`refresh`	`() => Promise<void>`	Refresh user data
`mutate`	`() => Promise<void>`	Revalidate user (SWR mutate)