Parsing User and Plan Capabilities

Step 3: Passing the user token and processing in your API

The dashboard always loads a JWT token for the current logged in user, containing information about the user and the plan.

User & Plan Token Data Structure:

let user = {
	is_admin: <true|false> // Is this a SaaS admin, or regular user?
	is_customer: <true|false> // Is this a paid user?
	id: <uuid> // Unique user identifier
	email: "" // User email string
	plan: (plan == null) ? null : { // Admins have a null plan.
		id: <uuid> // Unique plan identifier
		name: "premium" // Plan name, e.g. starter, middle tier, or premium
		description: "string" // Plan description
		limits: plan.limits, // An array of key-value pairs on plan limits.
		features: plan.features // An array of marketing features of the plan.

Getting the token embedded in the the dashboard

The JWT token signed with your secret key is stored in a hidden div as follows, in your user dashboard pages. If you don't see it in your dashboard page, add this div yourself:

div(hidden, id="token", data-token=token)

Passing the user token to your API from the dashboard:

Use the "Bearer" field in the Authorization headers to pass the JWT token to your API server. Check out Step 2, Making API Requests for more details.

Processing the token on your SaaS Backend:

Here we cover the NodeJS / ExpressJS example. You would typically require the JWT library for your backend server , in NodeJS, here is what you need:

npm install jsonwebtoken --save

Generate and add your JWT secret as an environment variable:

Store your secret in an environment variable:

// Your .env or environment file:
// Add this as a render environment variable:

Decode and process user token information (NodeJS/ExpressJS Example):

const jwt = require('jsonwebtoken');

const jwt_secret = process.env.jwt_secret;

// Fetch token from Auth header Bearer field
// Decode the token using JWT secret saved earlier:
const jwtTokenData = function(req, res, next) {
	const token = req.header('Authorization').replace('Bearer', '').trim();
	// TODO: Call this async, e.g. by passing a callback, then wrapping in promise.
	const decoded = jwt.verify(token, jwt_secret);

	return decoded;

exports.createGetUser = function(req, res, next) {
	let user_info = jwtTokenData(req, res, next);

  console.log("User Info:", user_info);

  // [...]

// Console output:
User Info: {
   firstname: 'Team',
   lastname: 'SaaSBox',
   is_admin: true,
   is_customer: false,
   id: 'cb2931f2-c315-42a5-9ace-1023748b4953',
   email: '',
   plan: null,

Basic dashboard integration is complete at this step.

Last updated