https://supertokens.com/ logo
backend only
y

yvstrishul

04/27/2023, 3:47 PM
Hi, I am using SuperTokens only for backend. After calling signin api, how can I use access token present in its response header as I believe I can't override the function in signin api
r

rp

04/28/2023, 5:17 AM
hey @yvstrishul you can use the access token as an authorization bearer token in your request. You can save the refresh token as well somewhere and then use it to get new session tokens.
y

yvstrishul

04/28/2023, 5:21 AM
Yes, I was asking how to get token after signin api. I found this in your docs 'You should attach the st-auth-mode header to calls to the login API'. I think this can be used to store the access token in cookie to be used as authorization bearer token for subsequent request. Am I right?
r

rp

04/28/2023, 5:22 AM
are you calling the sign in APi of the core? Or of the APis exposed via the backend middleware?
y

yvstrishul

04/28/2023, 5:22 AM
via middleware of your backend sdk (/auth/signin)
r

rp

04/28/2023, 5:24 AM
right. So the response headers will have the access and refresh tokens
st-access-token
and
st-refresh-token
y

yvstrishul

04/28/2023, 5:25 AM
yes how are they usually fetched and stored?
r

rp

04/28/2023, 5:27 AM
they are stored in the browser usaually
when you say how are they fetched - do you mean how to read them from the headers in the response?
y

yvstrishul

04/28/2023, 5:28 AM
yes
r

rp

04/28/2023, 5:28 AM
that i mean you can google 🙂
y

yvstrishul

04/28/2023, 5:30 AM
ok Thank you