docs
Sign inSign up

API Reference - @liveblocks/node

You can use the Liveblocks API in test mode, which does not affect your live data. The API key you use to authenticate the request determines whether the request is live mode or test mode.

authorize

If the current user has access to the provided room, call this function from your authorization endpoint and returns the result as a http response.

Optionally, you can also pass a userId and userInfo to add information about the current user that will not change during the session. It can be helpful to implement avatars or display the user's name without introducing a potential security issue (impersonification).
userId cannot be longer than 128 characters.
userInfo cannot be longer than 1024 characters once serialized to JSON.

Example with Next.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
import { authorize } from '@liveblocks/node';
          
const SECRET_KEY = "sk_live_xxxxxxxxxxxxxxxxxxxxxxxx";


export default async function auth(req, res) {
  /**
   * Implement your own security here.
   * 
   * It's your responsibility to ensure that the caller of this endpoint 
   * is a valid user by validating the cookies or authentication headers
   * and that it has access to the requested room.
   */
  const room = req.body.room;
  const response = await authorize({ room, secret: SECRET_KEY });
  return res.status(response.status).end(response.body);
}
Example with Express.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
const express = require("express");
const { authorize } = require("@liveblocks/node");


// Replace this key with your secret key provided at https://liveblocks.io/dashboard/apikeys
const secret = "sk_live_xxxxxxxxxxxxxxxxxxxxxxxx";


const app = express();


app.use(express.json());


app.post("/api/auth", (req, res) => {
  /**
   * Implement your own security here.
   * 
   * It's your responsibility to ensure that the caller of this endpoint 
   * is a valid user by validating the cookies or authentication headers
   * and that it has access to the requested room.
   */
  authorize({
    room: req.body.room,
    secret
  })
    .then((authResponse) => {
      res.send(authResponse.body);
    })
    .catch((er) => {
      res.status(403).end();
    });
});