API Reference - @liveblocks/node

You can use the Liveblocks API in test mode, which does not affect your live data. The API key you use to authenticate the request determines whether the request is live mode or test mode.

authorize

If the current user has access to the provided room, call this function from your authorization endpoint and returns the result as a http response.

Optionally, you can also pass a userId and userInfo to add information about the current user that will not change during the session. This information will will be accessible in the client to all other users in

Room.getOthers. It can be helpful to implement avatars or display the user’s name without introducing a potential impersonification security issue.

• userId cannot be longer than 128 characters.
• userInfo cannot be longer than 1024 characters once serialized to JSON.

Example with Next.js

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
import { authorize } from '@liveblocks/node';

// Replace this key with your secret key provided at
// http://liveblocks.io/dashboard/apikeys
const secret = "sk_prod_xxxxxxxxxxxxxxxxxxxxxxxx";

export default async function auth(req, res) {
  /**
  * Implement your own security here.
  *
  * It's your responsibility to ensure that the caller of this endpoint
  * is a valid user by validating the cookies or authentication headers
  * and that it has access to the requested room.
  */
  const room = req.body.room;
  const response = await authorize({
    room,
    secret,
    userId: "123", // Optional
    groupIds: ["456"], // Optional
    userInfo: {    // Optional
      name: "Ada Lovelace"
    }
  });
  return res.status(response.status).end(response.body);
}

Example with Express.js

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
const express = require("express");
const { authorize } = require("@liveblocks/node");

// Replace this key with your secret key provided at
// http://liveblocks.io/dashboard/apikeys
const secret = "sk_prod_xxxxxxxxxxxxxxxxxxxxxxxx";

const app = express();

app.use(express.json());

app.post("/api/auth", (req, res) => {
  /**
  * Implement your own security here.
  *
  * It's your responsibility to ensure that the caller of this endpoint
  * is a valid user by validating the cookies or authentication headers
  * and that it has access to the requested room.
  */
  authorize({
    room: req.body.room,
    secret,
    userId: "123", // Optional
    userInfo: {    // Optional
      name: "Ada Lovelace"
    }
  })
    .then((authResponse) => {
      res.send(authResponse.body);
    })
    .catch((er) => {
      res.status(403).end();
    });
});