API Client Configuration

The createApiClient function creates a server-side API client that works seamlessly with the auth proxy. It handles token management, request sanitization, and proper error formatting.

Using the API Client#

Request Options#

All methods accept an optional options parameter:

Available Options

| Option | Type | Description | |--------|------|-------------| | headers | object | Custom headers for the request | | queryParams | object | Query parameters to append to URL | | isFormData | boolean | Set true when sending FormData | | skipSanitize | boolean | Skip all response sanitization for this request | | skipSanitizeFields | string[] | Skip sanitization for specific fields only |

Per-Request Sanitization Control

Sometimes you need to receive raw HTML from the backend (e.g., CMS content, rich text editors):

TypeScript

Configuration Options#

apiBaseUrl#

Required - Backend API base URL.

TypeScript

cookies#

Required - Must match the cookie names in your auth proxy.

TypeScript

sanitization#

XSS protection for response data.

TypeScript

Default Sanitization

By default, all string values in responses are sanitized:

TypeScript

i18n#

Automatically append locale to API requests. Works with the x-locale header set by the auth proxy.

TypeScript

When enabled, the API client:

Reads the x-locale header (set by auth proxy middleware)
Validates it against the locales array
Appends ?lang={locale} to all requests

TypeScript

See the i18n documentation for full setup guide.

methodSpoofing#

For backends (like Laravel) that don't support PUT/PATCH/DELETE methods natively.

TypeScript

When enabled:

TypeScript

errorMessages#

Customize error messages.

TypeScript

timeout#

Request timeout in milliseconds.

TypeScript

defaultHeaders#

Headers to include in every request.

TypeScript

responseFormat#

Expected response format.

TypeScript

Advanced Usage#

Custom Headers per Request#

TypeScript

Query Parameters#

TypeScript

File Uploads#

TypeScript

Raw Response#

TypeScript

With Refreshed Token#

The API client automatically uses refreshed tokens from the proxy:

TypeScript

Full Example#

TypeScript

Response Format#

All API client methods return a Response object:

TypeScript

Error Handling#

TypeScript

Token Priority#

The API client uses tokens in this order:

x-refreshed-token header - If proxy just refreshed the token
User token cookie - For authenticated requests
Guest token cookie - For guest requests

This ensures seamless token refresh without race conditions.

API Client Configuration

The createApiClient function creates a server-side API client that works seamlessly with the auth proxy. It handles token management, request sanitization, and proper error formatting.

Available Options

Per-Request Sanitization Control

Sometimes you need to receive raw HTML from the backend (e.g., CMS content, rich text editors):

TypeScript

Default Sanitization

By default, all string values in responses are sanitized:

TypeScript

i18n#

Automatically append locale to API requests. Works with the x-locale header set by the auth proxy.

TypeScript

When enabled, the API client:

Reads the x-locale header (set by auth proxy middleware)
Validates it against the locales array
Appends ?lang={locale} to all requests

TypeScript

See the i18n documentation for full setup guide.

methodSpoofing#

For backends (like Laravel) that don't support PUT/PATCH/DELETE methods natively.

TypeScript

When enabled:

TypeScript

x-refreshed-token header - If proxy just refreshed the token
User token cookie - For authenticated requests
Guest token cookie - For guest requests

This ensures seamless token refresh without race conditions.